Cybersecurity researchers at Akamai have made a concerning discovery, unearthing a new Magecart-style web skimmer campaign that poses a serious threat to digital commerce websites.
This campaign aims to pilfer personally identifiable information (PII) and credit card details from unsuspecting online shoppers.
The victims of this campaign span across North America, Latin America, and Europe, with businesses of varying sizes falling prey to the skimming operation. Some targeted websites receive hundreds of thousands of monthly visitors, potentially endangering the sensitive data of tens of thousands of shoppers. The stolen information can be abused or sold on the dark web, leading to potential financial losses and identity theft.
To elude detection, the attackers have employed several evasion techniques throughout their campaign. They obscure Base64 encoding and mask the attacks to resemble popular third-party services such as Google Analytics or Google Tag Manager. Additionally, the attackers use legitimate websites as “host victims,” effectively hijacking them to act as command and control (C2) servers. This strategy allows them to camouflage the malicious code behind seemingly legitimate domains, making it harder to detect the breach.
The attackers have targeted multiple platforms, including Magento, WooCommerce, WordPress, and Shopify, demonstrating the growing range of vulnerabilities in digital commerce platforms that can be exploited. This highlights the need for continuous vigilance and proactive security measures to protect sensitive customer data.
Website owners can defend against Magecart infections by appropriately protecting website admin accounts and applying security updates for their CMS and plugins.
