Since February, a prominent Magecart cybercriminal group has injected the same Java-based payment card skimmer program not one, not two, but three times into the compromised international website of blender manufacturer NutriBullet, researchers from RiskIQ have reported.
Each time a skimmer was removed from nutribullet.com, the criminal actors, known as Magecart Group 8, would reintroduce a replacement skimmer into the breached web environment, according to RiskIQ threat researcher Yonathan Klijnsma, in a company blog post on Wednesday.
NutriBullet and its parent company Capital Brands on Wednesday told SC Media that it remedied the website compromise on March 17, but RiskIQ’s report does not support this assertion. Rather, Klijnsma claims that NutriBullet did not respond to RiskIQ’s multiple attempts at private disclosure over the course of roughly one month’s time, and that it was RiskIQ who repeatedly took action to remove the attacker’s exfiltration domain, with the help of anti-malware project Abuse.ch and the nonprofit Shadowserver Foundation.
“Until NutriBullet acknowledges our outreach and performs a cleanup, we highly ..
Support the originator by clicking the read the rest link below.
