Two distinct MageCart groups have compromised multiple European websites for the Perricone MD anti-aging
“During research into Magecart attacks, we recently uncovered malicious code from two hacking groups attempting to steal credit card information on the European e-commerce websites for the science-backed skincare brand Perricone MD (affecting perriconemd.co.uk,
A first e-skimming script was planted on the Perricone MD websites in November 2018, and experts noticed that it contained a coding error that made it unusable,
For this reason, a MageCart group used a second script that was able to determine the presence of the first one and altered the code so that the host domain could not be reached to download the malicious script.
The expert Sam Jenkins, from RapidSpike, noticed that the flawed code attempted to contact the
The scenario of two Magecart groups competing to compromise the same websites is not new: in November 2018, MageCart Group 9 and MageCart Group 3 targeted the websites of Umbro Brazil and the
The technique is the same one adopted in other MageCart attacks: hackers injected the script in the checkout page of the website and used a domain similar to the victim’s legitimate one to deliver the script and
The server hosting the fake website is located in Japan and also hosts other domains involved in several data breaches and credit card theft.
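A defender-side check for the pattern described above, a script on the checkout page served from a domain that resembles the store's own. This is an added example, not code from the article or from RapidSpike; the domains, the allowlist and the edit-distance threshold are assumptions.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumptions: hypothetical store domain and script-host allowlist.
ALLOWED_HOSTS = {"shop.example", "cdn.shop.example", "js.payments.example"}

class ScriptSrcCollector(HTMLParser):
    def __init__(self):
        super().__init__()
        self.sources = []  # src attribute of every <script> tag seen
    def handle_starttag(self, tag, attrs):
        src = dict(attrs).get("src")
        if tag == "script" and src:
            self.sources.append(src)

def edit_distance(a, b):
    """Levenshtein distance computed row by row."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def audit_checkout(html, page_host="shop.example", max_dist=2):
    """Return (host, verdict) for each script host that is not allowlisted."""
    collector = ScriptSrcCollector()
    collector.feed(html)
    findings = []
    for src in collector.sources:
        # A relative src has no hostname and is served by the page's own host.
        host = (urlparse(src).hostname or page_host).lower()
        if host in ALLOWED_HOSTS:
            continue
        nearest = min(edit_distance(host, ok) for ok in ALLOWED_HOSTS)
        findings.append((host, "lookalike" if nearest <= max_dist else "unknown"))
    return findings

# Constructed checkout page, not taken from the incident.
SAMPLE = """
<script src="/static/cart.js"></script>
<script src="https://cdn.shop.example/lib.js"></script>
<script src="https://sh0p.example/checkout.js"></script>
<script src="//stats.unrelated.example/t.js"></script>
"""
if __name__ == "__main__":
    for host, verdict in audit_checkout(SAMPLE):
        print(f"{verdict:10} {host}")
```

Run against a rendered copy of the checkout page on a schedule; any "lookalike" finding means a script host one or two characters away from an approved one and warrants immediate review.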
Experts pointed out that the software skimmer is still present on the three Perricone MD’s
Perricone MD customers who made a purchase last year should remain vigilant, check for suspicious card transactions, and report any of them to their bank.
(SecurityAffairs – Perricone MD, hacking)