Australian Bushfires Donation Website Compromised by Magecart Credit Card Skimming Attack

January 14, 2020 @ 12:05 PM
| |
2 min read

A website set up to collect donations for the Australian bushfires suffered a Magecart credit card skimming attack.

According to Bleeping Computer, digital attackers used a Magecart credit card skimming script to compromise a website that’s collecting donations for the Australian bushfires. The attack caused a malicious skimmer called ATMZOW to activate whenever a visitor to the site added an item such as a pre-determined donation amount to their cart and proceeded to checkout. When a visitor submitted their payment card credentials, ATMZOW stole the submitted information and exfiltrated it to vamberlo[.]com.

Malwarebytes researchers detected the attack and succeeded in shutting down vamberlo[.]com. This action freed individuals to begin using the site again without fear of having their payment card credentials compromised. Even so, the security firm’s researchers noted that those actors responsible for the attack could reactivate their skimmer by modifying it to work with another domain.

The Growing Threat of Magecart

The compromise described points to the growing threat of Magecart attacks. In October 2019, RiskIQ provided a glimpse into the state of Magecart. The security firm found that 17 percent of malvertisements contained Magecart skimmers and that these scripts, once activated, tended to remain active anywhere from 22 days to many years on the breached sites.

It’s no surprise that the FBI issued a warning about web skimming to small- and medium-sized businesses just a few weeks later in response. Not long thereafter, Malwarebytes observed that malicious actors had begun outfitting their Magecart skimmers with new evasion techniques to make detection of their compromises even more difficult.

How to Defend Against a Credit Card Skimming Attack

Security professionals can help defend their organizations against credit card skimming attacks by adopting a zero-trust model with JavaScript/JScript. Doing so will help block access to sensitive data in web forms commonly found in websites’ checkout processes. Security teams should also avoid third-party code, use extension blacklists and follow other Magecart mitigation tips.

 

David Bisson
Contributing Editor

David Bisson is an infosec news junkie and security journalist. He works as Contributing Editor for Graham Cluley Security News and Associate Editor for Trip...
read more

Your browser doesn’t support HTML5 audio
Press play to continue listening
00:00 00:00