Security researchers have revealed details of two new attacks by Magecart cybercriminal group targeting Online bedding retailers MyPillow and Amerisleep.
According to the new report published by RiskIQ, hackers compromised both website and stole payment card information.
MyPillow website was breached in October 2018. The Attackers injected a skimming code to a site which was hosted on a look-alike domain of MyPillow and contained an SSL certificate issued by LetsEncrypt.
In the case Amerisleep the first attack was discovered in April 2017 which ran until at least October 2017.
The latest attack was discovered in December 2018 when they compromised the website injecting skimmers contained on Github account.
“In December 2018, the attackers had used a new skimming setup with a fascinating new method. The attackers abused Github by registering a Github account called “amerisleep” and creating the Github Pages address amerisleep.github.io:” said in the report published by RiskIQ.
In the recent attack against the company in January this year, the researchers observed that a different skimmer was injected with some conditional checks ensuring that script would only go on payment pages.
As of now, the skimmer domain has been taken offline, but the injection is still live on the website.
The attack against the MyPillow website was resolved and but never disclosed. In the case of Amerisleep researchers never got any response back despite numerous attempts.
In both cases, the companies did not issue any warnings or alerts regarding the breach to their customers.
You may be interested in reading:New MageCart Attack Campaign Targets E-Commerce Websites