New ‘Magecart’ group used ad plugin to steal payment data from hundreds of websites
Hundreds of e-commerce websites have been hit with a card-skimming attack that compromised an advertising plugin, according to research from Trend Micro and RiskIQ. It’s the latest in a series of attacks linked to Magecart, an umbrella term for a set of hacking groups that use different methods to steal payment data from websites. Researchers said that while the attack resembled previous Magecart incidents, this one appears to have originated with a relatively new group that RiskIQ dubbed “Magecart Group 12.” Group 12’s attack affected 277 “ticketing, touring, and flight booking services as well as self-hosted shopping cart websites from prominent cosmetic, healthcare, and apparel brands,” according to Trend Micro. The researchers said the group had been a minor player in the past, finding ways to inject its code into individual e-commerce websites. But when the hackers infected a JavaScript library used by the French advertising firm Adverline in 2018, […]
The post New ‘Magecart’ group used ad plugin to steal payment data from hundreds of websites appeared first on CyberScoop.
Continue reading New ‘Magecart’ group used ad plugin to steal payment data from hundreds of websites