Magecart: The American gun manufacturer Smith & Wesson had its online store compromised by an e-commerce website skimmer. Originally compromised on November 27, 2019, the skimmer was active until after Black Friday. The threat actor injected malicious JavaScript into the checkout page of the company to steal the credit card information that was entered into the website throughout the time it was active. While investigating occurrences of newly registered domains, Sanguine Security’s Willem de Groot found that the same threat actor that was registering domains for their company was also registering look-alike domain names similar to Smith & Wesson’s domain. According to researchers, the script is not easy to see because it will load either a non-malicious script or a malicious script, depending on the IP address of the visitor to the site and the section of the website that was visited. Most likely this was done to avoid detection by automated services that watch for malicious JavaScript injects.
Analyst Notes
Anyone who recently purchased products through the smith-wesson.com website should be vigilant in checking their credit card statements for any fraudulent transactions. At the time of this writing, Smith & Wesson had been contacted about the skimmer but did respond before the article was published. It is important to note for all online shoppers that just because the major shopping days have passed, shopping online leading up to Christmas is going to stay at an elevated rate. Companies can protect themselves from these types of attacks by utilizing a service such as the Binary Defense Counterintelligence team to search for any domains being registered that are similar to the company’s brand name or domain name that may turn out to be malicious or fraudulent. Binary Defense also provides monitoring of endpoints and servers around the clock to detect attacker behaviors and stop intrusions before major damage results. The full report from Bleeping Computer can be found here: https://www.bleepingcomputer.com/news/security/smith-and-wesson-web-site-hacked-to-steal-customer-payment-info/
