Blender manufacturer NutriBullet on Wednesday said it had identified and removed malicious code on its website that allowed attackers to steal data from customers entering payment card information on it when purchasing products.
The move came about one month after security vendor RiskIQ first detected the malware on NutriBullet's website and apparently informed the company about it shortly thereafter. According to RiskIQ, NutriBullet did not respond to multiple attempts to alert it about the issue until today.
Researchers at RiskIQ, working in concert with ShadowServer and Abuse.ch — two malware fighting nonprofits — instead took down the domain the attackers were using to store stolen credit card data. The effort resulted in the card-skimmer being removed from NutriBullet's website on March 1, only to be replaced with a new one on March 5.
RiskIQ once again worked to neutralize the attacker's data-exfiltration domain and, in a repeat of the first time, the threat actors placed a new card skimmer on NutriBullet's website a few days later. Over the past few weeks, the criminals had access to NutriBullet's infrastructure and continued to be able replace the skimmer domain in the code to make it work again, RiskIQ said in a report Wednesday. Customers who placed orders on NutriBullet's website between February 20 and today are likely to have been affected, RiskIQ said.
In an emailed statement to Dark Reading, NutriBullet acknowledged the issue and claimed the matter had been quickly resolved. NutriBullet's statement suggested the company first learned of the skimmer today, which is at odds with RiskIQ's claims about the company having been notified previously about the issue. RiskIQ has continued to maintain that it made mult ..
Support the originator by clicking the read the rest link below.
