In a world that’s growing increasingly digital, Magecart attacks have emerged as a key cybersecurity threat to e-commerce sites.
Magecart, which is in the news a lot lately, is an umbrella term given to 12 different cyber criminal groups that are specialised in secretly implanting a special piece of code on compromised e-commerce sites with an intent to steal payment card details of their customers.
The malicious code—well known as JS sniffers, JavaScript sniffers, or online credit card skimmers—has been designed to intercept users’ input on compromised websites to steal customers’ bank card numbers, names, addresses, login details, and passwords in real time.
Magecart made headlines last year after cybercriminals conducted several high-profile heists involving major companies including British Airways, Ticketmaster, and Newegg, with online bedding retailers MyPillow and Amerisleep being recent victims of these attacks.
The initial success of these attacks already indicated that we are likely going to be seeing a lot more of it in coming days.
Security firm Group-IB today published a report, which it shared with The Hacker News prior to its release, detailing nearly 38 different JS-Sniffer families that its researchers documented after analysing 2440 infected e-commerce websites.
All these JS-Sniffer families have been categorised into two parts. The first one is the universal code that can be integrated into any website, for example, G-Analytics and WebRank families of JS-sniffers.
images from Hacker News
Recent Comments