MageCart compromises ecommerce sites to steal financial info

Thursday 17 January 2019 09:44 CET | News

The MageCart criminal group has compromised an advertising script to inject the MageCart into hundreds of sites, according to new research by TrendMicro and RiskIQ.

MageCart infections are when attackers compromise an ecommerce site to inject JavaScript into the checkout or cart pages. This script then steals credit card and address information entered into these pages and then sends it off to a remote server for the attackers to collect. This type of attack has been very active this past year, with large sites such as British Airways, TicketMaster, OXO, and Newegg being affected by these malicious scripts.

In research by TrendMicro and RiskIQ, a new group known as Magecart Group 12 has compromised a script belonging to a French advertising company in order to inject MageCart into its customers websites.

New reports released by the security companies disclose that “277 ecommerce websites providing ticketing, touring, and flight booking services as well as self-hosted shopping cart websites from prominent cosmetic, healthcare, and apparel brands” were affected by a MageCart attack through a compromised advertising script from French online advertiser Adverline. This script is used by Adverlines customers to retarget advertisements based on a visitors interests or other behaviour.

BleepingComputer was told by a RiskIQ threat researcher that Adverline did not respond to emails sent by the researchers.

Free Headlines in your E-mail

Every day we send out a free e-mail with the most important headlines of the last 24 hours.

Subscribe now

Keywords: Magecart, malicious script, TrendMicro, RiskIQ, fraud prevention, ecommerce, financial data, skimming, cybercriminals
Countries: World