A new Magecart attack made the headlines, the victim is the American
The hack was discovered by the researcher Willem de Groot from security firm Sanguine Security, the attackers planted the software skimmer on the Smith & Wesson e-commerce on November 27.
The expert discovered that the software skimmer and the infrastructure identical to the campaign that impersonates Sanguine Security. Hacker registered skimming domains using
The compromised Smith & Wesson online store loads malicious code
At the time of writing the software skimmer is still present on the online store:
“This script is not easy to spot as it will load a
The Smith & Wesson online store runs on Magento, attackers likely exploited a known vulnerability to compromise the system and inject the malicious code.
Earlier in November, Magento addressed a remote code execution vulnerability, tracked as CVE-2019-8144, that could allow
Users that have recently made purchases at smith-wesson.com are recommended to contact their credit card company and monitor your statements for suspicious activities.
In November, Macy’s started notifying some of its customers that crooks used a software skimmer to steal their personal and financial information.