- Hundreds of e-commerce website were affected by new MageCart attack campaign.
- Attackers infected Websites through a compromised advertising script belonging to French online advertising company Adverline.
- A new group called Magecart Group 12 were behind the attack.
Security researchers have discovered new MageCart attack campaign targeting e-commerce website through third party service providers.
In this case, the skimming code was not directly injected in to the e-commerce website but through a compromised advertising script belonging to French online advertising company Adverline.
MageCart Group 5 was reported to be responsible for hacking of 12 third-party companies through which infection of thousands of e-commerce websites.
In the analysis, researchers discovered 12 skimming code in websites embedded with Adverline’s retargeting script.
MageCart Group 12 uses two obfuscated scripts. The first script loads fingerprinting script which checks whether it’s a valid user if not it would not load the second script, the skimming code.
If its valid users, the second script before loading skimming code check whether URL contains following keywords onepage, checkout, store, cart, pay, panier, kasse, order, billing, purchase, basket, ymix, or paiement.
Once it detects any of the keywords in the URL it will load the skimming code and extract all payment information entered on the website and send to attackers remote server.
According to Trend Micro, Adverline was alerted about the incident and have cleaned up their code now.
You may be interested in reading:Blur Data Breach Potentially Exposed Data of 2.4 Million Users