Magecart attacks are decreasing but are becoming more stealthy

Magecart is still attacking many people, however the victims are less in number but they are becoming more stealthy than before.

What is Magecart?

Magecart is a group of hackers who are employed for stealing personal datas from online websites.

It steals customers’ credit card and debit card details from websites which accept online payments.

Magecarts are hardly in the limelight as compared to Ransomware, State – Sponsored campaigns which stand up in the news.

How is Magecart risky?

In the last few years, majorly, Cyber Security incidents involve attacks on sensitive data.

Additionally, it not only risks SMBs but also big brands have fallen to this cyberattack in the past including British Airways, Newegg and Ticketmaster.

Moreover, Magecart is also known as card-skimming attackers who often attacks in the backend content management system of a certain website and covertly invert spiteful JavaScript code.

This fixed code in the payment section of a website will gather any card details of any random customers and push them to an attacker controlled server.

Magecart privious activities –

Additionally, on 20th June,Malwarebytes researcher Jérôme Segura said that though Magecart attack rates have decreased.

But the recent reports suggest the market for stolen credit card information is still considered worthwhile.

And also a new campaign has shown that some operations still operate a ‘pretty wide infrastructure’.

Alternatively, a Sansec report of June 9 declared a new skimmer domain.

Whereas, on June 12, another researcher tweeted about being connected to a hacker e-commerce store.

Another user confirmed the same. Even the cybersecurity researchers turned back to their records and linked the recent Magecart activity to campaign back in 2021.

Amid which, a skimmer was hosted which was able to detect the use of Virtual Machine’s (VMs).

Conversely, the VM code is been removed from skimmer with unrecognisable reason and a new malware has different naming schemes.

This new campaign’s activities are probably tracing back to May 2020.

However, scanning the current way of Magecart attacks is a hard task.

If the Magecart threat actors decided to switch their operations exclusively server-side then the majority of companies, including ours, would lose visibility overnight,” Segura commented.

‘This is why we often look up to researchers that work the website cleanups. If something happens, these guys would likely notice it.’

‘For now, we can say that Magecart client-side attacks are still around and that we could easily be missing them if we rely on automated crawlers and sandboxes, at least if we don’t make them more robust’, Segura added.

Last year, Cloudflare launched a cybersecurity specifically to tackle Magecart – style attacks.