A new Magecart attack made the headlines, the victim is the American
The hack was discovered by the researcher Willem de Groot from security firm Sanguine Security, the attackers planted the software skimmer on the Smith & Wesson e-commerce on November 27.
The expert discovered that the software skimmer and the infrastructure identical to the campaign that impersonates Sanguine Security. Hacker registered skimming domains using
The compromised Smith & Wesson online store loads malicious code
At the time of writing the software skimmer is still present on the online store:
“This script is not easy to spot as it will load a
The Smith & Wesson online store runs on Magento, attackers likely exploited a known vulnerability to compromise the system and inject the malicious code.
Earlier in November, Magento addressed a remote code execution vulnerability, tracked as CVE-2019-8144, that could allow
Users that have recently made purchases at smith-wesson.com are recommended to contact their credit card company and monitor your statements for suspicious activities.
In November, Macy’s started notifying some of its customers that crooks used a software skimmer to steal their personal and financial information.
Necessary cookies are absolutely essential for the website to function properly. This category only includes cookies that ensures basic functionalities and security features of the website. These cookies do not store any personal information.
Any cookies that may not be particularly necessary for the website to function and is used specifically to collect user personal data via analytics, ads, other embedded contents are termed as non-necessary cookies. It is mandatory to procure user consent prior to running these cookies on your website.