Magecart Description

Magecart is the name given to various criminal groups that have been trying to collect payment card information from online retailers since 2015. Magecart collects data by installing a corrupted script on the Web pages that contain payment forms; the script collects the targeted information as soon as the purchaser provides it to the online store.

The latest attack by the Magecart group targeted Puma's Australian Web store. Although Puma was alerted about the hack, it looks like its administrators didn't take any action to fix this threatening situation. However, Magento, the eCommerce platform behind Puma's sales, has released a patch for a vulnerability present in its version 2.2, which is the one currently used on Puma's Web store, and this may be what the Puma administrators were waiting for before disclosing the attack publicly.

Magecart's polymorphic properties cause great concern

Upon its discovery, Magecart was found to be polymorphic: it may use a data exfiltration script that passes itself off as a Google Analytics script or another known script in order to look legitimate. Such a practice is known to be prevalent in the community of computer hackers, who may disguise threats as a legitimate entity to ward off detection or suspicion.
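Because the disguise relies on a script merely looking like analytics, a defender can audit a checkout page by comparing each script's host against an allowlist instead of trusting its name. The following is an added example, not code from the original page; the allowlist, the name hints and the sample HTML (including every `.example` host) are constructed assumptions.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumption: hosts this store has approved for its checkout page (constructed).
APPROVED_HOSTS = {"shop.example", "www.google-analytics.com"}
# Assumption: name fragments a disguised script borrows to look like analytics.
ANALYTICS_HINTS = ("google", "analytics", "gtag", "gtm")

# Constructed sample checkout page; every host except google-analytics.com is made up.
SAMPLE_CHECKOUT = """
<html><head>
<script src="https://www.google-analytics.com/analytics.js"></script>
<script src="/static/js/checkout.js"></script>
<script src="https://google-anaiytics.example/ga.js"></script>
<script src="//cdn.widgets.example/chat.js"></script>
</head><body><form id="payment"></form></body></html>
"""

class ScriptCollector(HTMLParser):
    """Collects the src attribute of every external <script> tag."""
    def __init__(self):
        super().__init__()
        self.sources = []

    def handle_starttag(self, tag, attrs):
        src = dict(attrs).get("src")
        if tag == "script" and src:
            self.sources.append(src)

def audit_scripts(html, page_host):
    """Return (src, reason) for each script loaded from a host not on the allowlist."""
    collector = ScriptCollector()
    collector.feed(html)
    findings = []
    for src in collector.sources:
        parsed = urlparse(src)
        # Relative URLs have no hostname and resolve to the page's own host.
        host = parsed.hostname or page_host.lower()
        if host in APPROVED_HOSTS:
            continue
        name = host + parsed.path.lower()
        if any(hint in name for hint in ANALYTICS_HINTS):
            findings.append((src, "analytics lookalike on unapproved host"))
        else:
            findings.append((src, "unapproved host"))
    return findings

if __name__ == "__main__":
    for src, reason in audit_scripts(SAMPLE_CHECKOUT, "shop.example"):
        print(f"{reason}: {src}")
```

The allowlist is the actual control; the name hints only rank the findings so that a script imitating analytics is reviewed first.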

The Puma Australia store is one of many targets for Magecart, which acts as a skimmer to collect point-of-sale data or simply gather credit card details from processed sales. What computer security researchers and experts have discovered is that the Magecart skimmer has already been injected into several Magento-powered e-commerce sites. On many of these e-commerce sites, numbered in the dozens, the skimmer follows a sophisticated agenda to automate the workflow of the skimming process so that localized payments can be tracked and automatically collected.

Magecart campaigns are growing in number and effectiveness

Magecart campaigns have grown in number and are suspected to be in the thousands, with compromised sites infected with payment card skimming scripts waiting for sales to be processed and then capturing the point-of-sale data.

The Magecart attack targeted 57 payment portals and can collect data from eWAY Rapid, Payment Express, FatZebra in Australia and even Pin Payments. However, Magecart attacks are not restricted to Australia; there have been reports of these attacks all over the world.

Security researchers have found that hundreds of Magento stores have been infected with the malicious skimmer scripts. In fact, sites like the online shop for the Atlanta Hawks NBA team were among those caught up in the path of Magecart. Right now, there is no definitive answer on the number of sites that are infected with malicious skimmer scripts. What is known, however, is that Magecart has paved a relentless path of destruction by collecting online sales data that may later be sold on the dark web, used to compromise and access card accounts, used to make fraudulent charges, or lead to cases of identity theft.

Is there a solution to Magecart?

The modular architecture of Magecart is giving cybercrooks a clear path to infect systems with malicious skimmer scripts. Unprotected and unpatched devices can be hacked easily, which is why it is so necessary to keep all of your software up to date, whether you have a personal computer or are the admin of a network. Warding off such an attack looks to be a difficult feat. Even so, one needs to keep using the proper resources to protect systems and website networks from infection by Magecart and its malicious scripts.

Due to the potential calamity of Magecart and its future reach across thousands of e-commerce websites, certain entities have set up shop to provide a defense against web-based supply chain attacks like Magecart. Seeing such entities set up defenses and provide services to remedy the possible misfortune of a Magecart attack, we can easily conclude that Magecart is potentially a catastrophic threat that requires all of our attention.