The website of international retail chain Claire’s was compromised by Macegart hackers for weeks amid an increase in overall online shopping due to the coronavirus pandemic, Sansec reports.
The attack appears to have been set up on March 21, the day after Claire’s closed its 3,000 brick-and-mortar stores due to restrictions imposed worldwide as the number of new COVID-19 cases started spiking.
On that day, Netherlands-based eCommerce security company Sansec explains, the attackers registered the domain claires-assets.com, in preparation for the planned malicious activity.
The hackers injected malicious code not only into the fashion retailer’s website, but also the online store of its sister brand Icing. The affected online stores are hosted on the eCommerce platform Salesforce Commerce Cloud, previously known as Demandware.
The injected code was designed to intercept the information customers entered during checkout, and send the data to the claires-assets.com server.
Added to the app.min.js file, which was hosted on the store servers, meaning that the attackers gained write access to the server, the web skimmer remained active until June 13. The code was attached to the submit button of the checkout form.
The skimmer was designed to grab the entire checkout form, encode it, and exfiltrate the data posing as an image file, supposedly in an attempt to avoid detection.
While it’s uncertain how the attackers managed to compromise the online stores in the first place, it’s clear that they anticipated a surge in online traffic following the lockdown. Moreover, Sansec believes that the h ..
Support the originator by clicking the read the rest link below.
