According to Dutch security company Sansec, a new Magecart attack has been discovered targeting multiple e-commerce platforms with the same attack. Magecart, also known as e-skimming is usually done by inserting malicious scripts into a website’s checkout page. In this case, the attackers are displaying a fake payment page before customers land on the real payment page. The fake checkout page will record the data that was entered on it including the credit card information. From there, the fake page display returns an error to the victim when they attempt to proceed with the checkout. After the error is displayed, the victim will be redirected to the legitimate checkout page where they can continue to checkout, not knowing their information was already stolen. To help evade detection, the skimmer would also exfiltrate its data to automatically generated domains based on a counter and encoded using base64 encoding.
Analyst Notes
Typically, Magecart attacks affect one system after attackers find a flaw in that system. It is not as typical to see campaigns targeting multiple e-commerce sites. In this case, websites such as Shopify and BigCommerce stores were targeted in the attack. To prevent fraudulent charges by Magecart or any other credit card thieves, consumers should sign up for one-time user credit cards which can be purchased through verified services or some banks. These services allow the consumer to purchase a pre-loaded credit card that can only be used once or used multiple times but has a balance of zero until the money is added to it. By keeping the balance at zero, if the card were to be compromised, an attacker would not be able to purchase anything with the number. One-time use cards provide the buyer with a credit card number that expires after the purchase. Though these cards may seem like a hassle for many, they do not take that much time to register for and will relieve consumers of the stress that could be caused by having a card compromised.
More can be read here: https://www.bleepingcomputer.com/news/security/multi-platform-card-skimmer-found-on-shopify-bigcommerce-stores/
