Massive Magecart campaign targets sites offering counterfeit sneakers

Pierluigi Paganini December 12, 2019

Crooks are targeting these hundreds of sites offering counterfeit sneakers to install malicious Magecart scripts and steal payment credit card data.

While sneakers are becoming even more popular, the number of sites offering counterfeit sneakers is rapidly increasing and crooks want to monetize this trend by compromising them.

Researchers at Malwarebytes reported that hackers are now targeting these sites to plant malicious Magecart scripts designed to steal buyers’ credit card information.

“We recently identified a credit card skimmer injected into hundreds of fraudulent sites selling brand name shoes. Unfortunate shoppers may not only be disappointed with the faux merchandise, but they will also relinquish their personal and financial data to Magecart fraudsters.” reads the post published by Malwarebytes.

The experts uncovered a large-scale hacking operation that is targeting these counterfeit sneaker sites, many of which are still online.

The Magecart skimmer code was appended to an obfuscated JavaScript file called translate.js in the checkout page.

The JavaScript captures shoppers’ credit card data and sends them to a server located in China having the IP address 103.139.113[.]34.

The massive campaign compromised e-commerce sites having similar templates, and running upon outdated versions of Magento (under 1.9.4.2) and PHP under 5.6.40. Experts also noticed that all of them were located on a small number of IP address subnets.

The attackers likely used a malicious scanner against crawled IP ranges and used the same vulnerability to compromise each online store offering counterfeit products.

The full list of the compromised stores, along with Indicators of Compromise (IoC) are available on the analysis published by Malwarebytes.

counterfeit sites pose a double threat, not only from obtaining illicit goods but also getting robbed of data by a different group of criminals.” concludes the post.

[adrotate banner=”9″] [adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – counterfeit sneaker sites, Magecart)

[adrotate banner=”5″]

[adrotate banner=”13″]



you might also like

leave a comment