Australia Bushfire Donors Affected by Credit Card Skimming Attack
Attackers have compromised a website collecting donations for the victims of the Australia bushfires and injected a malicious script that steals the payment information of the donors.
Deepak Patel, security evangelist at PerimeterX, commented today:
“Magecart attackers keep hitting new lows. The attackers recently targeted a website that is collecting funds to help with the Australian brush fires. The attack kit was deployed on multiple domains confirming the organized effort of a Magecart group targeting sites that use the same underlying third-party code. Attackers have always compromised unprotected web servers, but with Magecart they have found an easy way to skim users’ credit card data complete with names, addresses, zip codes and CVV numbers. These comprehensive stolen credit card records are worth more on the dark web than individual components. Given the lack of visibility to such client-side attacks, the website owners find out about the data breach days or weeks after the code injection. The extended time allows skimmers to monetize the stolen cards to the fullest extent. Any site that processes user PII and accepts payments should take steps to shore up their application security by tracking and monitoring the first- and third-party code execution on their sites in real time.”