Latest Magecart-style campaign hits nearly 1,000 victims
A massive 962 online shops have had their customers’ card details stolen in just 24 hours, in the largest Magecart-style automated card-skimming campaign identified to date.
Our crawlers detected 962 breached stores last night. It is the largest automated campaign to date (previously: MGCore with 700 stores). Decoded skimmer: https://t.co/CCVakmMrR5 pic.twitter.com/nIHQFwtRXN
— Sanguine Security Labs (@eComscan) July 5, 2019
Willem de Groot from Sanguine Security told Computer Business Review: “This is the largest number of breaches [of] stores over a 24-hour period, which implies that their operation is highly automated. Victims are from all over the world, so were likely chosen opportunistically.”
He added: “I am still waiting for logs to accurately say how they got compromised, but at first glance it appears to be a PHP object injection exploit for an existing vulnerability.”
Magecart Attacks are Rampant
US-based threat research firm RiskIQ says it has identified seven core Magecart groups. “Magecart” is an umbrella term for threat groups using a range of card skimmers.
RiskIQ identified the groups by analysing unique sets of infrastructure (pools of IP addresses, domains and specific server setup fingerprints); skimmers (unique obfuscation techniques and loading strategies); and targeting (each group uses different methods to reach its victims).