Websites of eight US cities poisoned by malware skimming the credit card details of residents

Websites of eight US cities poisoned by malware skimming the credit card details of residents

What do they have in common? The Click2Gov online utility payment system







Beware if you’re paying your bills for local government services – the payment information you type into that web form may be heading straight to cybercriminals.


Security experts at Trend Micro report that they have identified eight cities in the USA where online payment portals have been compromised to host Magecart-style credit card skimming code.


Magecart is a family of Javascript malware used to steal credit card details and personal information from unsuspecting internet users as they interact with websites – often as sensitive details are entered to make a purchase.


What makes this type of attack often more serious than a conventional data breach, is that most companies do not store your full credit card details, such as your CVV security code. But those details are entered on online checkout forms by consumers, and can be stolen by a malicious script hidden in the website’s code.


As Trend Micro explains, the common factor between the affected websites they have uncovered is that they all use the third-party Click2Gov platform:



These sites all appear to have been built using Click2Gov, a web-based platform meant for use by local governments. It is used to provide services such as community engagement, issues reporting, and online payment for local goverments. Residents can use the platform to pay for city services, such as utilities.



According to the researchers, the attacks against the eight unnamed US cities s ..

Support the originator by clicking the read the rest link below.