Officials at Qihoo 360, a leading Chinese cybersecurity firm, have revealed an ongoing credit card scam that steals the card payment information of thousands of customers visiting leading e-commerce websites. Researchers discovered that attackers have been injecting malicious JavaScript, hosted on a malicious domain, www.magento-analytics [.] com, into online shopping websites.
The scripts include credit card skimming code that, when executed on a site, automatically steals vital information such as the card owner’s name, card number, expiry date and CVV number.
The technique used by the scammers is familiar and exactly the same as the one the MageCart credit card hacking groups used in their recent attacks, including those on Ticketmaster, British Airways and Newegg. However, no explicit links are being made to the MageCart groups this time.
Company researchers noted that this malicious domain has been stealing credit card information for five months or longer, with over a hundred websites already affected. This number could be higher, they said.
This attack reinforces the need for website administrators to apply the latest updates and patches, limit privileges for critical systems and harden web servers. They are also strongly advised to use a Content Security Policy (CSP), which allows strict control over what content is allowed on the website. Online shoppers, meanwhile, must review their credit card statements for any irregular activity and report it to the bank.