Magecart Hackers Inject iFrame Skimmers in 19 Sites to Steal Payment Data

magecart website hacking

Cybersecurity researchers today uncovered an ongoing new Magecart skimmer campaign that so far has successfully compromised at least 19 different e-commerce websites to steal payment card details of their customers.

According to a report published today and shared with The Hacker News, RiskIQ researchers spotted a new digital skimmer, dubbed “MakeFrame,” that injects HTML iframes into web-pages to phish payment data.

MakeFrame attacks have been attributed to Magecart Group 7 for its approach of using the compromised sites to host the skimming code, load the skimmer on other compromised websites, and siphon off the stolen data.

Magecart attacks usually involve bad actors compromising a company’s online store to siphon credit card numbers and account details of users who’re making purchases on the infected site by placing malicious JavaScript skimmers on payment forms.

It’s the latest in a series of attacks by Magecart, an umbrella term for eight different hacking groups, all of which are focused on stealing credit card numbers for financial gain.

Hackers associated with Magecart tactics have hit many high profile websites in the past few years, including NutriBullet, Olympics…

http://feedproxy.google.com/~r/TheHackersNews/~3/rXpzc9AEA7g/magecart-digital-skimmer.html

Have a comment? Type it below!