Magecart Campaign Steals Credit Card Data From E-commerce Sites Since 2022
These articles are AI-generated summaries. Please check the original sources for full details.
Long-Running Web Skimming Campaign Targeting Payment Networks
A sophisticated web skimming campaign has been actively stealing credit card data from e-commerce checkout pages since January 2022, impacting major payment networks like Mastercard and American Express. Researchers at Silent Push found the campaign using the domain cdn-cookie[.]com to host obfuscated JavaScript payloads designed to intercept sensitive payment information.
Why This Matters
Ideal e-commerce security models assume robust server-side validation and secure payment gateways; however, client-side attacks like Magecart exploit vulnerabilities in website code, bypassing these defenses. The scale of these attacks is significant, with successful breaches leading to substantial financial losses for both customers and businesses – estimated in the billions of dollars annually – and damaging brand reputation.
Key Insights
- Magecart origins, 2010: Initially focused on Magento platforms, Magecart is now used as a term for all web skimming attacks.
- DOM manipulation: Skimmers inject malicious JavaScript to alter the Document Object Model, replacing legitimate forms with fakes.
- Evasion techniques: The skimmer checks for WordPress admin elements (“wpadminbar”) to avoid execution on administrator pages.
Working Example
// Example of a simplified skimmer check for WordPress admin bar
if (document.getElementById('wpadminbar')) {
    // Self-destruct sequence - remove skimmer code
    console.log('Admin detected, self-destructing...');
    // Code to remove injected elements would go here
}
Practical Applications
- Use Case: E-commerce platforms utilizing third-party JavaScript libraries are susceptible to supply chain attacks where malicious code is injected into legitimate dependencies.
- Pitfall: Relying solely on Content Security Policy (CSP) without regular audits can allow attackers to bypass protections through subtle code modifications.
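As an added example, not code from the original article or from the researchers: a defender-side audit that lists script sources and form targets on a checkout page whose host is not on an allowlist, and records whether the page was viewed with the WordPress admin bar present. The function name auditCheckout, the hosts and the sample document are constructed for illustration.

```javascript
// Added example (not from the original article). Hosts and sample data are constructed.
// Accepts a browser `document` or any object with the same minimal interface.

function hostOf(url, pageUrl) {
  try {
    return new URL(url, pageUrl).hostname.toLowerCase();
  } catch {
    return null; // an unparseable URL is reported, not ignored
  }
}

function auditCheckout(doc, pageUrl, allowedHosts) {
  const allowed = new Set(allowedHosts.map((h) => h.toLowerCase()));
  const findings = [];
  const check = (kind, url) => {
    const host = hostOf(url, pageUrl);
    if (host === null || !allowed.has(host)) findings.push({ kind, url, host });
  };
  for (const s of Array.from(doc.scripts)) {
    const src = s.getAttribute('src');
    if (src) check('script', src); // inline scripts carry no src
  }
  for (const f of Array.from(doc.forms)) {
    // A missing or empty action submits to the page's own URL.
    check('form', f.getAttribute('action') || pageUrl);
  }
  // The skimmer described above stays dormant when #wpadminbar exists, so a
  // clean result from a logged-in admin session says nothing about shoppers.
  const adminSession = doc.getElementById('wpadminbar') !== null;
  return { adminSession, findings };
}

// Constructed stand-in for a DOM so the audit also runs under Node.
const el = (attrs) => ({ getAttribute: (n) => (n in attrs ? attrs[n] : null) });
const sampleDoc = {
  scripts: [
    el({ src: '/js/checkout.js' }),
    el({ src: 'https://pay.gateway.example/sdk.js' }),
    el({ src: 'https://static.unknown-cdn.example/lib.min.js' }),
    el({}), // inline script
  ],
  forms: [el({ action: 'https://collect.unknown-cdn.example/pay' })],
  getElementById: (id) => null,
};

const report = auditCheckout(sampleDoc, 'https://shop.example/checkout',
  ['shop.example', 'pay.gateway.example']);
console.log(JSON.stringify(report, null, 2));
```

In a browser, call auditCheckout(document, location.href, [...]) from a logged-out session so the result reflects what shoppers load.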