Australia has been very much in the news for the huge losses caused by bushfires to humans and wildlife alike. In order to help the people fighting it out on the frontline, many organizations have set up online donation gateways on their respective websites. But the Malwarebytes Threat Intelligence Team has found a legitimate donation collecting website that has been compromised by a MageCart script.
Hackers planted a MageCart script on the checkout page of the website to steal the payment information of the donors. This information was then sent to a domain controlled by the hackers. The research team confirmed that the software used for skimming is known as ATMZOW. On completing the donation process successfully, the stolen card details were then sent to a website vamberlo.com
Malwarebytes’ Jérôme Segura told BleepingComputer, that once they became aware of the compromised website, they were able to get the vamberlo.com domain shut down.
Since the malignant domain used by the hackers has been shut down, the skimmer is not able to send the stolen card data to the hackers. Still, the hackers can use a new domain to restart this attack using a new domain address. The only way to secure the website completely is to remove the MageCart script. But the malicious code is yet to be removed. The ATMZOW skimming MageCart script has also been discovered on 39 other websites.
Earlier in November 2019, Macy’s, an American department store chain, stated that its customers were hit by an attack that affected countless numbers of credit cards. The retailer stated that unknown intruders planted a card-stealing malware script on its payment site and collected customer details.
According to an official statement, the attackers installed a MageCart script on the checkout page of its website and siphoned off customers’ payment card details between October 7 and October 15, 2019. The compromised data included customers’ names, addresses, phone numbers, credit card numbers, card verification codes, and expiration dates.