Major Magecart skimming attack hits 8 local US government sites

The attack puts personal and financial data of millions of people at risk.


Local governments across the United States have been firefighting on several different fronts as a result of the Coronavirus pandemic. This has also involved cyberattacks, including the one on the Department of Health and Human Services (HHS) in March this year.


This time, however, the websites of 8 cities across 3 states in the US have been compromised with credit card skimmers in a classic Magecart attack. The attack allowed the attackers to steal the payment information of all citizens using the websites. But how serious is it?



To a large extent, it turns out. All of these websites are built on the Click2Gov platform, which allows local governments to provide vital services such as the payment of utilities, complaint management, and community engagement. Most residents would therefore naturally be using them, which widens the pool of potential victims.

This is because the general perception is that government websites are “naturally secure”, much as Android users trust Google and download malware-infected apps from the Play Store on the assumption that a platform owned by Google must be secure.



Attack chain (Image: Trend Micro)



The attack took place t ..