Magecart Attackers Target Retail Brands Under Lockdown

Magecart attackers have been busy again, installing digital skimming code onto the websites of several popular retailers over recent weeks.



The first brand affected was US accessories provider Claire’s. Security company Sansec spotted an unknown third party registering the “claires-assets” domain back in March, just after the chain decided to shut all of its stores.



“For the next four weeks, Sansec did not observe suspicious activity, but in the last week of April, malicious code was added to the online stores of Claire’s and its sister brand Icing,” Sansec said.



“The injected code would intercept any customer information that was entered during checkout, and send it to the claires-assets.com server. The malware was present until June 13.”



Unlike many Magecart efforts, which compromise sites by attacking their digital supply chain partners, this was a direct attack in which the hackers gained write access to code.



However, the root cause of the compromise is not yet known: Sansec hypothesized that leaked admin credentials, spear-phishing of staff and/or a compromised internal network may have been to blame.



Claire’s responded quickly to Sansec’s private disclosure of the incident and urged online shoppers to monitor their bank statements.



“Our investigation identified the unauthorized insertion of code to our e-commerce platform designed to obtain payment card data entered by customers during the checkout process,” it said in a statement sent to Sansec.



“We removed that code and have taken additional measures to reinforce the security of our platform. We are working diligently to determine the transactions that were involved so that we ..
