Security experts at
The Magecart umbrella includes at least 11 different hacking crews that has been active at least since 2015. The gangs use to implant skimming script into compromised online stores in order to steal payment card data on, but they are quite different from each other.
“In this blog, we’ll document two Magecart-related breaches against bedding retailers MyPillow and Amerisleep.” reads the advisory published by RiskIQ. “One has been
MyPillow website was compromised in October 2018, in this case, crooks inserted a skimming code on the site that was hosted on a look-alike domain (mypiltow[.]com), a typo-squat on the legitimate domain of MyPillow, and using a certificate issued by LetsEncrypt.
The skimming script remained on the website from October 1st to November 19th.
The second company hit by the Magecart gang is Amerisleep, it was targeted by same crews multiple times in 2017. The latest attack dates back December 2018, when Magecart compromised the website injecting skimmers contained on a Github account.
The latest attack against Amerisleep was discovered in January, experts noticed that the skimming scripts were injected by the attackers only on
“In December 2018, the attackers had used a new skimming setup with a fascinating new method. The attackers abused Github by registering a Github account called “
“This skimming method quickly disappeared.” “Starting in January, we observed a different skimmer that Magecart actors injected with some conditional checks to ensure the script would only go on payment pages. Formerly, the skimmers themselves would check to see if they were already on an active payment page.”
Experts noticed that the skimmer domain has been taken offline, but that the injection is still live on the website as of the publishing of the report.
“Magecart has capitalized on the fact that the security controls of small companies who provide services to enhance the websites of global brands are far less developed than the security controls of the global brands themselves.” concludes the report.
“Businesses need to focus on visibility into internet-facing attack surfaces and increase scrutiny of third-party services that form an integral part of modern web applications. The reputation of organizations that run payment forms online and the overall confidence of online shoppers is at stake.”