Magecart Skimming Exploit Affected Multiple E-Commerce Shopping Platforms

Dutch security firm Sansec reported that a new multi-platform credit card skimmer that can harvest payment info on compromised stores powered by Shopify, BigCommerce, Zencart, and Woocommerce.

Dutch security firm Sansec reported that a new multi-platform credit card skimmer that can harvest payment info on compromised stores powered by Shopify, BigCommerce, Zencart, and Woocommerce.

According to Sansec, this new web skimming malware dubbed as Magecart can take over the checkout process on shops using multiple online store management systems through a malicious checkout page injection. 

“It is remarkable that so many different platforms are compromised in the same campaign. Typically, criminals exploit a flaw in a single platform. Attackers may have breached a shared component, eg software or a service that is used by all affected merchants,” said Sansec researchers. 

The Magecart Script reportedly deploys a fake payment page before the customers land on the real checkout form and using a keylogger plugin to intercept and steal personal information.

Magecart will then display an error after the customers entered in their payment information to evade detection before they are redirected back to the legitimate checkout process and payment form.

Currently, the Magecart has been found on a dozen online stores’ checkout pages that are supported by content management systems hosted on platforms from Shopify, BigCommerce, Zen Cart, and WooCommerce.

Magecart is not a single group but an umbrella term for various groups that use the same methodology and tools to target e-commerce checkout pages to steal credit card information and other data.

It is still unclear who created malware and how it was proliferated to various malicious cyber actor groups but it was first detected last August 31.


© Fourth Estate® — All Rights Reserved.
This material may not be published, broadcast, rewritten or redistributed.