Threat Watch

201 Campus Stores Across North America Hit in Skimming Attack

Mirrorthief: A group called Mirrorthief has been found to be targeting 201 campus bookstores in the United States and Canada with the Magecart malware.  The malware is being used to harvest full names, card numbers, addresses, and phone numbers from checkout pages for online book stores.  All of the checkout pages where the group was able to hide their script share one major common feature, all were created by the developer PrimRBS. This specific instance of Magecart appears to have been tailored specifically to exploit pages created by PrimRBS.  The attack took place on April 14th and PrimRBS was made aware on the 26th.  According to a spokesman for PrimRBS, they immediately reacted by actively seeking to bolster their security measures as well as reaching out to customers and law enforcement.

 

ANALYST NOTES