The infamous card-skimming group Magecart is actively infecting online sites that sell counterfeit shoes. Malwarebytes has recently discovered credit card skimming activity by Magecart on hundreds of online shops.

As offline shopping turns into a pain in the ass, many shoppers move to online sites to buy things frequently. Buyers are often skeptical of this mode, as they might not get the true product as shown or described. That’s true. But reputed sites like Amazon, Flipkart, etc. have tested their sellers and even partnered with some to list only genuine products.


While this is good, many fraudsters make and sell counterfeit goods on a lookalike site or on a new one. They may be doing this to earn bucks by cheaply imitating original goods, but the ultimate losers are the buyers of those goods.

They may get faulty products or sometimes nothing. Making matters worse, their card details can be stolen by someone in transit. If users don’t take this seriously, they end up losing much more than anticipated.

Here’s a new story of infamous Magecart skimmers.

The Hack

Magecart skimmers steal the sensitive credit card details of users who enter them on unreliable sites. They do this by implanting malicious code on the checkout page after inspecting it closely.

On December 10th, security researcher Jerome Segura from Malwarebytes detailed a fresh hack by Magecart skimmers in the company’s blog post. It read, “The skimming code was appended to a JavaScript file called translate.js.”

This is said to be hosted in Russia at 91.218.113[.]213. An analysis of this subnet revealed hundreds of such domains dealing in counterfeit goods.

The stolen data includes the billing address and credit card numbers of all shoppers who entered them on that site. This data is then exfiltrated to a server with an address located in China.

The story turned interesting when they discovered hundreds of such sites hacked by Magecart, all exposing the same loopholes. None of these compromised sites had been updated to the latest software. They’re running either Magento versions under or PHP under 5.6.40. Further, the team found that most of the affected people would be from the Black Friday and Cyber Monday sales.
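An added example, not taken from the Malwarebytes post or from any affected shop: a check a site operator could run to catch the pattern described above, where code is appended to an existing script such as translate.js. The sample file contents, the collector.example URL and the list of network-sink patterns are constructed assumptions.

```python
import base64
import hashlib
import re

# Heuristic (an assumption of this example): constructs that let a script send data off-site.
NETWORK_SINKS = re.compile(rb"XMLHttpRequest|fetch\s*\(|sendBeacon|new\s+Image|\.src\s*=")

def sri_value(content: bytes) -> str:
    """Subresource Integrity string (sha384) for the reviewed copy of a script."""
    digest = hashlib.sha384(content).digest()
    return "sha384-" + base64.b64encode(digest).decode("ascii")

def audit_script(baseline: bytes, deployed: bytes) -> dict:
    """Classify the deployed file against the reviewed baseline."""
    report = {"status": "unchanged", "tail": b"", "sinks": [],
              "sri_ok": sri_value(deployed) == sri_value(baseline)}
    if deployed == baseline:
        return report
    if deployed.startswith(baseline):
        # Original content is intact and something follows it: the "appended" case.
        tail = deployed[len(baseline):]
        if not tail.strip():
            report["status"] = "whitespace-only"
            return report
        report["status"] = "appended"
        report["tail"] = tail
        report["sinks"] = sorted({m.group().decode() for m in NETWORK_SINKS.finditer(tail)})
        return report
    # Anything else is an in-place change and needs a full diff review.
    report["status"] = "modified"
    return report

# Constructed sample data: a tiny translate.js and a copy with an inert stand-in tail.
BASELINE = b"function translate(k){return (window.I18N||{})[k]||k;}\n"
TAMPERED = BASELINE + b'new Image().src="https://collector.example/x";\n'

if __name__ == "__main__":
    for name, blob in [("clean", BASELINE), ("tampered", TAMPERED)]:
        r = audit_script(BASELINE, blob)
        print(name, r["status"], len(r["tail"]), r["sinks"], "sri_ok=%s" % r["sri_ok"])
```

Publishing the `sri_value` of the reviewed file in the script tag's `integrity` attribute lets the browser refuse a copy that no longer matches.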

A simple check of the site’s connection from the address bar, or a look at the latest “Copyright Year” tag at the bottom, could reveal the authenticity and maintenance of such websites. If the site makers/sellers were really serious about business, they would’ve taken effective security measures. For now, we suggest you avoid shopping on such unreliable sites even if the offer seems attractive. You’re not just losing money, but sensitive data that’s more important than anything.

If you’ve done any shoe shopping recently, better check back on those sites. Malwarebytes listed the compromised sites in its blog. Check the source link below.

Source: Malwarebytes

