Hundreds of Online Shopping Sites Vulnerable to Theft

Recent research exposed an ongoing cyber theft campaign that has been stealing credit card information from shoppers who visited over 105 online stores. The skimming code injected into these sites is written in JavaScript and enables the hackers to acquire information such as credit card numbers, card expiration dates, CVV numbers, and card owners’ names while the information is being entered on the sites. Hosted on a known domain for more than seven months, the malicious script has been injected into hundreds of shopping websites.

Clever Trickery to Disguise the Hacking Activities

Although the way the affected websites were infected remains unknown, it has been determined that all of the affected e-commerce sites run on the Magento e-commerce CMS platform. The malicious domain, www.magento-analytics[.]com, has no connection to the popular CMS platform whatsoever despite its similar name. The use of the CMS platform’s name in the malicious domain’s name is merely a ruse to confuse customers and thus disguise the malevolent activity. Researchers discovered that www.magento-analytics[.]com is registered in Panama, but the IP address it used has jumped across the globe, to countries including the United States, Russia, and China.

How the Hack is Perpetrated

The hacking technique used in this cybercrime is a fairly classic method of stealing digital data. The code is identical to what the notorious Magecart hackers used to gain access to the details of customers on the British Airways, Newegg, and Ticketmaster websites. The malicious script is inserted into checkout pages, where it silently captures payment details as shoppers make their purchases. The information is then sent to a remote server, where it is retrieved by the hackers.
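One way a store operator could check a checkout page for the injection described above, as an added example that is not from the original article: it lists the hosts serving external scripts and flags the article's domain, brand lookalikes, and anything outside an allowlist. The shop hosts, allowlist, brand tokens and sample HTML are assumptions constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse

def refang(text):
    return text.replace("[.]", ".")

# Indicator named in the article, written defanged and refanged only for comparison.
KNOWN_SKIMMER_HOSTS = {refang("www.magento-analytics[.]com")}
# Assumption: hosts this hypothetical shop has approved to serve checkout scripts.
ALLOWED_HOSTS = {"shop.example", "js.payments.example"}
# Assumption: brand names a lookalike domain is likely to borrow.
BRAND_TOKENS = ("magento",)

class ScriptCollector(HTMLParser):
    def __init__(self):
        super().__init__()
        self.sources = []
    def handle_starttag(self, tag, attrs):
        src = dict(attrs).get("src")
        if tag == "script" and src:  # inline scripts have no src and are skipped
            self.sources.append(src)

def audit_checkout(html, page_url):
    """Return (host, verdict) for every external script host that needs review."""
    collector = ScriptCollector()
    collector.feed(html)
    findings = []
    for src in collector.sources:
        # Resolve relative and protocol-relative URLs against the page itself.
        host = (urlparse(urljoin(page_url, src)).hostname or "").lower()
        if host in KNOWN_SKIMMER_HOSTS:
            findings.append((host, "known-skimmer-host"))
        elif host in ALLOWED_HOSTS:
            continue
        elif any(token in host for token in BRAND_TOKENS):
            findings.append((host, "brand-lookalike"))
        else:
            findings.append((host, "not-allowlisted"))
    return findings

# Constructed checkout page; the paths and .example hosts are made up for the demo.
SAMPLE_CHECKOUT_HTML = refang("""
<script src="/static/js/checkout.js"></script>
<script src="https://js.payments.example/v3/sdk.js"></script>
<script src="//www.magento-analytics[.]com/constructed-path.js"></script>
<script src="https://cdn.magento-stats.example/t.js"></script>
<script src="https://widgets.thirdparty.example/chat.js"></script>
""")
```

This audit only sees script tags present in the served HTML; scripts added at runtime need a browser-side control such as a Content-Security-Policy `script-src` allowlist.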

Be Cyber Safe

Customers shopping online would do well to practice basic personal oversight of their credit cards and bank statements. Any unauthorized transaction appearing there, no matter how minute, should be reported immediately.