Shopped recently from a small online store? Check this list to see if it was one of 570 websites infected with card-skimming Magecart


The payment-card-skimming Magecart malware has turned up on yet more websites, this time 570 spanning 55 countries, it emerged this week.


The team at security biz Gemini Advisory said a long-running criminal gang dubbed Keeper compromised hundreds of online shopping sites over the past three years to install the software nasty.


We're told 85 per cent were infected after the hackers exploited known flaws in the open-source Magento content management system (CMS) popular among e-commerce businesses and used by the sites. WordPress and Shopify were also exploited in some cases, though they were a distant second and third to Magento, each comprising only about five per cent. Magecart hides JavaScript on the web stores' payment pages so that as victims type their bank card details and other personal information into forms when buying stuff, the data is siphoned off to fraudsters to use.


Keeper, a reference to its repeated usage of fileskeeper[.]org as a base of operations, is one of a number of crooked crews to have adopted Magecart as their preferred method of harvesting private card data. Typically, the card-skimming code is just plonked onto an infected site's webpages as-is and left to collect data as it's entered. However, Gemini Advisory said it has seen the malware's JavaScript embedded within company logos and other image files on a page using steganography, and extracted when needed, to evade easy detection.
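A store owner can check for the plain-injection case by listing every script a saved checkout page loads and comparing the hosts against what the shop expects. The following is an added example, not code from the article or from Gemini Advisory; the allowlist, the shop hostnames, and the sample page (including the `cdn.` subdomain and URL paths) are constructed for illustration, and only the fileskeeper domain comes from the text above.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

ALLOWED_HOSTS = {"shop.example", "js.payments.example"}  # assumed allowlist
KNOWN_BAD = {"fileskeeper.org"}  # domain named in the article, re-fanged

def _matches(host, domains):
    # Exact host or any subdomain of a listed domain.
    return any(host == d or host.endswith("." + d) for d in domains)

class ScriptAudit(HTMLParser):
    def __init__(self, page_host):
        super().__init__()
        self.page_host = page_host
        self.findings = []
        self._inline = None  # text buffer while inside an inline <script>

    def handle_starttag(self, tag, attrs):
        if tag != "script":
            return
        src = dict(attrs).get("src")
        if not src:
            self._inline = []
            return
        # Relative URLs have no hostname and resolve to the page's own host.
        host = (urlparse(src).hostname or self.page_host).lower()
        if _matches(host, KNOWN_BAD):
            self.findings.append(("known-bad", host))
        elif not _matches(host, ALLOWED_HOSTS):
            self.findings.append(("unlisted", host))

    def handle_data(self, data):
        if self._inline is not None:
            self._inline.append(data)

    def handle_endtag(self, tag):
        if tag == "script" and self._inline is not None:
            body = "".join(self._inline).lower()
            self.findings += [("known-bad-inline", d) for d in KNOWN_BAD if d in body]
            self._inline = None

def audit(html, page_host):
    parser = ScriptAudit(page_host)
    parser.feed(html)
    parser.close()
    return parser.findings

# Constructed sample checkout page, not taken from any real site.
SAMPLE = """<html><body><form id="payment"></form>
<script src="/static/checkout.js"></script>
<script src="https://js.payments.example/v3/sdk.js"></script>
<script src="//cdn.fileskeeper.org/jquery.min.js"></script>
<script src="https://stats.unknown.example/t.js"></script>
<script>var u = "https://fileskeeper.org/api";</script>
</body></html>"""

if __name__ == "__main__":
    for kind, detail in audit(SAMPLE, "shop.example"):
        print(kind, detail)
```

A skimmer unpacked from an image at runtime, as Gemini Advisory describes, will not appear as its own script tag, so this check covers only code placed on the page as-is.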


In many cases, the sites belong to small retailers who have little to no dedicated IT security personnel, and thus are unlikely to keep up with patching security holes in their CMS installations. This leaves the sites easy prey for card-swiping outfits like the Keeper crew.

