Magecart Cybergang Targets 0days in Third-Party Magento Extensions

Over two dozen third-party ecommerce plugins contain zero-day vulnerabilities being exploited in a recent Magecart campaign. Continue reading Magecart Cybergang Targets 0days in Third-Party Magento Extensions

Magecart Injects Skimmer Code in Customer Rating Widget

The groups of attackers who specialize in injecting payment card skimmer code called Magecart into online shops managed to compromise a third-party customer rating plugin called Shopper Approved that’s used by thousands of websites. The compromi… Continue reading Magecart Injects Skimmer Code in Customer Rating Widget

Magecart group compromises customer ratings tool, affecting ‘hundreds’ of online stores

Researchers with RiskIQ say they have uncovered and helped resolve a credit card-skimming threat that targeted a third-party web app that manages customer reviews.  The company attributes the threat to Magecart, a loosely associated set of hacking groups that exploit vulnerabilities in widely used third-party scripts. Magecart has been linked to similar payment data breaches with Ticketmaster UK, Newegg, British Airways and others. But Yonathan Klijnsma, head researcher at RiskIQ, explained to CyberScoop that Magecart is more of an umbrella term to describe the independent groups that exchange and imitate other groups’ procedures. In this case, RiskIQ says that a tool made by e-commerce software company Shopper Approved was compromised by Magecart threat actors, giving them the ability to skim payment information from the checkout pages of “a few hundred” online stores using the tool. RiskIQ labels this Magecart group “Group 5” and says it’s the same one that targeted Ticketmaster. The tool […]

The post Magecart group compromises customer ratings tool, affecting ‘hundreds’ of online stores appeared first on Cyberscoop.

Continue reading Magecart group compromises customer ratings tool, affecting ‘hundreds’ of online stores