TrueFire Guitar Teaching Website Fell Victim to Magecart-Style Attack - Binary Defense


Magecart: TrueFire, an online tutoring website that teaches guitar, has alerted its customers that their data was exposed to unauthorized parties. TrueFire stated that it does not store credit card information on its website, but threat actors managed to steal credit card information as it was entered by customers completing the checkout process. Magecart attacks work by injecting malicious code into a compromised website in the form of an e-skimmer, which allows the threat actors to steal card numbers even if the website does not store the information. The company shared no technical details of the attack other than that it was noticed on January 10th, 2020 and stopped on January 14th. However, it appeared to have been stealing credit card numbers since August 3rd, 2019.

ANALYST NOTES

Magecart attacks are relatively common because of the growing number of online shopping and other websites that accept credit card payments. Website operators should closely monitor the JavaScript code used by their online checkout system, including any third-party code, for changes that could indicate an e-skimmer has been planted. Monitoring web servers for unauthorized access and unusual patterns of behavior can also alert website owners to a potential attack. Any customers who made purchases from the website between August 3rd, 2019 and January 14th, 2020 should be on the lookout for fraudulent charges on their credit card. The use of virtual, one-time-use credit cards for online shopping can help victims avoid fraudulent credit card charges, even if the card number is stolen from an online purchase. To read more visit: https://securityaffairs.co/wordpress/99875/hacking/truefire-magecart-attack.html
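One way to act on the advice to monitor checkout JavaScript, including third-party code, for changes is to keep an approved inventory of every script on the checkout page and diff each later crawl against it. The following Node.js sketch is an added example, not code from TrueFire or Binary Defense; the page markup, script URLs, script bodies and function names are all constructed for illustration, and fetching the live page and scripts is assumed to happen elsewhere.

```javascript
// Added example: script-inventory diff for a checkout page (all sample data is constructed).
const { createHash } = require("crypto");

// Same hash format as a Subresource Integrity value, so results can be reused in integrity="..." attributes.
const sha384 = (text) => "sha384-" + createHash("sha384").update(text, "utf8").digest("base64");

// Inventory every <script> on a page: external scripts keyed by URL, inline scripts by position.
// `bodies` maps script URL -> fetched source (assumption: a crawler supplies this in production).
function inventory(html, bodies) {
  const found = new Map();
  const tag = /<script\b([^>]*)>([\s\S]*?)<\/script>/gi;
  let m, inlineIndex = 0;
  while ((m = tag.exec(html)) !== null) {
    const src = /\bsrc\s*=\s*["']([^"']+)["']/i.exec(m[1]);
    if (src) {
      const body = bodies[src[1]];
      found.set(src[1], body === undefined ? "unfetched" : sha384(body));
    } else if (m[2].trim() !== "") {
      found.set("inline#" + inlineIndex++, sha384(m[2].trim()));
    }
  }
  return found;
}

// Compare a crawl with the approved baseline; every difference needs human review.
function diffInventory(baseline, current) {
  const report = { added: [], changed: [], removed: [] };
  for (const [key, hash] of current) {
    if (!baseline.has(key)) report.added.push(key);
    else if (baseline.get(key) !== hash) report.changed.push(key);
  }
  for (const key of baseline.keys()) if (!current.has(key)) report.removed.push(key);
  return report;
}

// Constructed sample: the approved checkout page and a later crawl of the same page.
const approvedHtml = `<form id="pay"></form>
<script src="/js/checkout.js"></script>
<script src="https://cdn.example/analytics.js"></script>`;
const approvedBodies = { "/js/checkout.js": "submitOrder();", "https://cdn.example/analytics.js": "track('view');" };
const laterHtml = approvedHtml + `\n<script>/* unreviewed inline code */ init();</script>`;
const laterBodies = { ...approvedBodies, "https://cdn.example/analytics.js": "track('view'); extra();" };

const sampleReport = diffInventory(inventory(approvedHtml, approvedBodies), inventory(laterHtml, laterBodies));
console.log(JSON.stringify(sampleReport));
```

A third-party script whose hash changes without a matching release from the vendor, or a script that appears on the payment page with no corresponding deployment, is the kind of change the analyst note describes and should be reviewed before the baseline is updated.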
