Security experts at Sanguine Security have uncovered a new large-scale payment card skimming campaign that has already hacked 962 online stores running on the Magento CMS.
The list of hacked e-commerce sites also includes a number of websites belonging to enterprise stores.
“Even though no information on how such automated Magecart attacks against e-commerce websites would work was shared by Sanguine Security, the procedure would most likely entail scanning for and exploiting security flaws in the stores’ software platform,” reported BleepingComputer, which has spoken with de Groot.
The expert speculates that threat actors may have compromised websites that did not install security updates to address PHP object injection exploits.
The skimmer script is able to capture credit card data, names, phone numbers, and addresses from compromised websites.
Security expert Micham spotted another attack attributed to the Magecart gang: hackers injected a skimmer script into The Guardian via an old AWS S3 bucket and exploited wix-cloud[.]com as a skimmer gate.
Security firms have monitored the activities of a dozen Magecart groups since at least 2015. The gangs implant skimming scripts into compromised online stores in order to steal payment card data, but they are quite different from each other.
According to a joint report published by RiskIQ and FlashPoint, some groups are more advanced than others; in particular, the gang tracked as Group 4 appears to be very sophisticated.
Security experts point out that the cyber crime gang continues to evolve its techniques to hit the greatest number of online stores.
For every Magecart attack that makes headlines, experts detect thousands of other attacks that they don’t disclose, most of them targeting third-party payment platforms.
Recently Group-IB experts discovered 2,440 online stores that were compromised by Magecart groups.