American Cancer Society's online store infected with credit card stealing malware

The American Cancer Society's online store has become the latest victim of credit card-stealing malware.

Security researcher Willem de Groot found the malware on the organization's store website, buried in obfuscated code designed to look like legitimate analytics code. The code was designed to scrape credit card payments from the page, like similar attacks targeting British Airways, Ticketmaster, AeroGarden and Newegg.

The attackers, known as Magecart, sell the stolen credit card numbers on the dark web or use them to commit fraud.

De Groot said in a blog post explaining the breach, shared exclusively with TechCrunch, that the code was designed to send collected credit card numbers to a third-party server operated by the attacker. The code was malformed, leading to it being inserted twice. When the malicious code was decoded, it revealed the web address of the hacker's third-party server.

The card-skimming malware on the American Cancer Society's store's website (Image: TechCrunch)

Trend Micro said