Australian Bushfire donors’ data are stolen from compromising site

Researchers find a Megacart script on a donating site for Australian Bushfires

Malwarebytes Intelligence Team has discovered a compromised site -for collecting donation for Australia Bushfires victims by injecting Megacart script- that allows unknown attackers to get the credit card or other payment information submitted by the donors.

The attack, called Megacart involves a hackers’ compromising site and malicious JavaScript to the checkout pages. The script steals the submitted credit card or other payment information and then sends it to the site of hackers’ control.

Attackers loads ATMZOW -a malicious credit-card skimmer script -into the checkout pages when a visitor adds an item to their cart such as a donation and when they submit the payment as a part of the checkout process, the malicious script steal the submitted details and sends it to malicious site name vamberlo.com.

Malwarebytes’ Jérôme Segura told that they were able to shut down this domain. This means, the visitors’ data will no longer have stolen. The malwarebyters tried to contact to the site about the malicious script injected into their eCommerce store but got no any heard back at this moment.

Troy Mursch from Bad Packets Report has discovered 39 more sites that currently have the same malicious script. While it is not known yet where these sites utilizing the same domain to send payment information, if they are, then with the shutdown of vamberlo.com domain, they will also not active as well.