Magecart: Sixth June, a popular online clothing store in Europe, is one of the most recent victims in a Magecart e-skimming campaign. The website has had malicious credit card stealing scripts running on their checkout pages since October 23rd, 2019. A researcher whose Twitter handle is “@jknsCO” reported the initial skimming malware to Sixth June but did not receive a response from them. The skimmer was still up and running as of October 28th. In this case, the threat actors managed to steal the details of credit cards collected on standard checkout pages as well as input from any page it loads–including email addresses, usernames, passwords, and address details. Magecart is a term that is used by many to describe the act of card skimming but is used by multiple different groups. To read more about the attack on Sixth June visit: https://www.bleepingcomputer.com/news/security/sixth-june-fashion-site-hacked-to-steal-credit-cards/.
Analyst Notes
Magecart attacks have been very common and will continue to grow in the coming holiday months. Best security practices are recommended when shopping online and companies that have online checkout pages should monitor for malicious scripts loading on their websites. Anyone that has checked out on Sixth June’s website since the attack started should monitor their credit card and bank statement for fraudulent charges as it is likely they were skimmed through the website.
