Magecart Attack on eCommerce Platform Hits Thousands of Online Shops

Magecart hackers have been gathering sensitive information from thousands of online shops after compromising top ecommerce platform and service provider Volusion.


Over the past month, starting September 7, the hackers’ online credit card skimmers were active on 3,126 online shops hosted on Volusion, Trend Micro’s security researchers report.


One of the websites affected by this incident is the Sesame Street Live online store, reveals Marcel Afrahim, a researcher at Check Point.


The malicious code was injected into a JavaScript library that Volusion provides to its clients. The code was designed to load a script hosted on Google Cloud Storage that was an almost identical copy of the legitimate library, but with the credit card skimmer carefully integrated into it.


The code was meant to copy personal information and credit card details submitted by users and send all the data to an exfiltration server belonging to the attackers.


Analysis of the compromised library has revealed that the attackers carefully integrated the code into the original script, to ensure it is part of the execution flow of the program. The code is as simple as possible, so as to make it difficult to identify, and the exfiltration server (“volusion-cdn[.]com”) is similar to a Volusion domain.
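
As an added example (not from the original article or the researchers' analysis), the JavaScript below shows how a store operator could triage the hosts a checkout page contacts, covering both the script load from Google Cloud Storage and the lookalike exfiltration domain described above. The allowlist, brand tokens, sample URLs and function names are assumptions constructed for illustration.

```javascript
// Added example: triage hosts contacted by a checkout page (e.g. taken from a
// HAR capture or CSP reports). All names and sample data are constructed.
const ALLOWED_DOMAINS = new Set(["shop.example", "volusion.com"]); // assumed allowlist
const BRAND_TOKENS = ["volusion"]; // vendor names an impostor domain may imitate
const SHARED_STORAGE_HOSTS = new Set(["storage.googleapis.com"]); // multi-tenant hosting

// Turn a defanged indicator such as "volusion-cdn[.]com" back into a hostname.
function refang(indicator) {
  return indicator.replace(/\[\.\]/g, ".");
}

// Naive registrable domain: the last two labels. This is a simplification;
// production code should consult the Public Suffix List.
function registrableDomain(host) {
  return host.split(".").slice(-2).join(".");
}

// Classify one URL. Shared storage is checked first: anyone can publish there,
// so the hostname alone says nothing about who controls the script.
function classify(url) {
  const host = new URL(url).hostname.toLowerCase();
  if (SHARED_STORAGE_HOSTS.has(host)) return "shared-storage";
  if (ALLOWED_DOMAINS.has(registrableDomain(host))) return "allowed";
  if (BRAND_TOKENS.some((token) => host.includes(token))) return "lookalike";
  return "unexpected";
}

// Return only the requests that need a human look.
function auditRequests(urls) {
  return urls
    .map((url) => ({ url, verdict: classify(url) }))
    .filter((finding) => finding.verdict !== "allowed");
}

// Constructed sample: paths and the bucket name are invented for the demo.
const SAMPLE_REQUESTS = [
  "https://www.shop.example/checkout.js",
  "https://www.volusion.com/constructed-library.js",
  "https://storage.googleapis.com/constructed-bucket/library.js",
  `https://${refang("volusion-cdn[.]com")}/constructed-path`,
  "https://metrics.example.net/beacon",
];

for (const finding of auditRequests(SAMPLE_REQUESTS)) {
  console.log(`${finding.verdict.padEnd(15)} ${finding.url}`);
}
```

A "shared-storage" verdict calls for pinning the exact script with Subresource Integrity or self-hosting it, since a host-based allowlist cannot separate one tenant's bucket from another's.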


Given the hackers’ modus operandi, Trend Micro’s security researchers believe that the attack has been orchestrated by Magecart Group 6, previously identified as the notorious threat actor FIN6. Moreover, the code employed showed similarities with that used in FIN6 ..
