Magecart reported targeting various magazine printing platforms

Researchers reported a Magecart skimming operation that has been targeting platforms such as a magazine printing firm for over 2.5 years. Keyloggers run on the payment web pages of such platforms in order to capture customer payment card information and similar data.

The Magecart attack was seen active in 2017. Its victims are people who subscribed to the printed version of ESPN Magazine, Stars and Stripes, a military publication, and many other similar sites on the same printing platform. At least 18 keyloggers were used to collect credit card information for hacking groups over 20 months, the researchers' report says.

The malicious actors cloaked the credit card skimmers with fake content delivery network domains in order to hide the traffic. The malicious scripts are injected into the checkout pages of e-commerce stores after the sites are hacked. The main aim of the attackers behind the Magecart attack is to collect the data submitted by users on the payment platform.

It was found that the free ngrok proxy software was used, which allowed the fraudsters to create a custom scheme and attempt to evade detection. Details about the content delivery network domains, the malicious code they contained and other elements were analyzed in the library. Once the checkout page matches, the URL data gets collected to the platform. Such data includes:

  • Usernames,
  • Addresses,
  • Emails,
  • Phone numbers,
  • Credit card information
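
As a defensive illustration of the technique described above (an added example, not code from the researchers' report), the following audit lists the external script hosts on a checkout page and flags any that are outside an allowlist or that sit behind an ngrok tunnel. The allowlist, the sample page and every hostname in it are constructed assumptions.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse

# Assumption: hosts this shop intentionally loads scripts from (hypothetical names).
ALLOWED_SCRIPT_HOSTS = {"shop.example", "static.shop.example"}
# Tunnelling-service suffixes; ngrok is the service named in the article.
TUNNEL_SUFFIXES = (".ngrok.io",)

# Constructed sample checkout page; every host in it is made up.
SAMPLE_CHECKOUT_HTML = """
<html><head>
<script src="/js/cart.js"></script>
<script src="https://static.shop.example/vendor/jquery.min.js"></script>
<script src="//cdn-assets-delivery.example/lib/analytics.js"></script>
<script src="https://constructed-sample.ngrok.io/p.js"></script>
</head><body><form id="payment"></form></body></html>
"""


class ScriptSrcCollector(HTMLParser):
    """Collects the src attribute of every <script> tag."""

    def __init__(self):
        super().__init__()
        self.sources = []

    def handle_starttag(self, tag, attrs):
        if tag == "script":
            src = dict(attrs).get("src")
            if src:
                self.sources.append(src)


def audit_checkout_scripts(html, page_host):
    """Return (host, reason) for each script host that needs review."""
    collector = ScriptSrcCollector()
    collector.feed(html)
    base = f"https://{page_host}/checkout"
    findings = []
    for src in collector.sources:
        # urljoin resolves relative and protocol-relative (//host/...) URLs.
        host = (urlparse(urljoin(base, src)).hostname or "").lower()
        if host.endswith(TUNNEL_SUFFIXES):
            findings.append((host, "tunnel"))
        elif host not in ALLOWED_SCRIPT_HOSTS:
            findings.append((host, "not-allowlisted"))
    return findings


if __name__ == "__main__":
    for host, reason in audit_checkout_scripts(SAMPLE_CHECKOUT_HTML, "shop.example"):
        print(f"{reason}: {host}")
```

The audit only sees scripts referenced by a src attribute in the served HTML; inline scripts and scripts added at runtime need a separate control, such as a Content-Security-Policy script-src directive.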

Jerome Segura, the researcher who exposed this web skimmer, stated:

Threat actors know they typically have a small window of opportunity before their infrastructure gets detected and possibly shut down. They can devise clever tricks to mask their activity in addition to using domains that are either fresh or belong to legitimate (but abused) owners.