Magecart strikes again!
Cybersecurity researchers have identified yet another supply-chain attack carried out by payment card hackers against more than 17,000 web domains, which also include websites in the top 2,000 of Alexa rankings.
Since Magecart is neither a single group nor a specific malware instead an umbrella term given to all those cyber criminal groups and individuals who inject digital card skimmers on compromised websites, it is not necessary for every one of them to use similar techniques with the same sophistication.
A new report shared with The Hacker News prior to its release details a new supply-chain attack campaign wherein hackers are using shotgun approach instead of targeted attacks to infect a wide range of websites, preferring larger infection reach as possible over accuracy.
Almost two months ago, security researchers from RiskIQ discovered supply-chain attacks involving credit card skimmers placed on several web-based suppliers, including AdMaxim, CloudCMS, and Picreel intending to infect as many websites as possible.
However, upon continuous monitoring of their activities, researchers found that the actual scale of this campaign, which started in early April 2019, is much larger than previously reported.
images from Hacker News