December 14, 2018
By Shane Schick 2 min read

An online retailer was hit by a JavaScript attack from a group associated with Magecart, a collective of cybercriminals that specializes in skimming credit card numbers from compromised websites, according to malware researchers at BroadAnalysis.

BroadAnalysis did not reveal the name of the online retailer in question, but posted a series of screenshots that showed the network traffic, index page and four different sniffer scripts used in the attacks. These included an exfil script, a loading script and a base64 string that linked the compromised site and stolen payment credentials back to the threat actor’s site.

The JavaScript attack is typical of Magecart, which has been linked to similar attacks aimed at e-commerce platforms such as Magento and OpenCart.

Skimming at Sotheby’s and Others

The discovery of the four different credit card skimmers comes less than a month after the auction house Sotheby’s sent a statement to several IT security publications about a similar Magecart attack against its Sotheby’s Home website (formerly Viyet) discovered in early October. The firm warned that the JavaScript attack may have been running and stealing customer payment data since March 2017.

Another security research report, meanwhile, suggested that a Magecart group has evolved its use of skimming tools to not only steal customer credit card data, but also website administrator credentials. This involves adding other keywords into the skimmer code to look for admin logins and passwords as well as the payment forms on e-commerce sites. Researchers discovered the technique in the analysis of a skimming campaign against an optical retailer’s e-commerce site.

How to Protect Your Organization From a JavaScript Attack

Although Magecart attacks can happen at any time, retailers should be particularly vigilant about this sort of JavaScript attack as more consumers turn to online purchases during the busy holiday shopping season.

Defending against this kind of threat starts with applying common best practices, such as limiting access and privileges for critical systems and hardening underlying web servers. Beyond that, organizations should also deploy change monitoring and detection technologies that can alert security teams of unusual activity, such as a change in their e-commerce web pages.

Sources: BroadAnalysis, SC Magazine, RiskIQ

 |  |  |  |  |  | 
Shane Schick
Writer & Editor
Shane Schick is a contributor for SecurityIntelligence.

More from

Risk Management   March 24, 2023

New Attack Targets Online Customer Service Channels

An unknown attacker group is targeting customer service agents at gambling and gaming companies with a new malware effort. Known as IceBreaker, the code is capable of stealing passwords and cookies, exfiltrating files, taking screenshots and running custom VBS scripts. While these are fairly standard functions, what sets IceBreaker apart is its infection vector. Malicious actors are leveraging the helpful nature of customer service agents to deliver their payload and drive the infection process. Here’s a look at how IceBreaker…

Threat Research   March 23, 2023

Operational Technology: The evolving threats that might shift regulatory policy

Listen to this podcast on Apple Podcasts, Spotify or wherever you find your favorite audio content. Attacks on Operational Technology (OT) and Industrial Control Systems (ICS) grabbed the headlines more often in 2022 — a direct result of Russia’s invasion of Ukraine sparking a growing willingness on behalf of criminals to target the ICS of critical infrastructure. Conversations about what could happen if these kinds of systems were compromised were once relegated to “what ifs” and disaster movie scripts. But those days are…

Data Protection   March 23, 2023

Cybersecurity 101: What is Attack Surface Management?

There were over 4,100 publicly disclosed data breaches in 2022, exposing about 22 billion records. Criminals can use stolen data for identity theft, financial fraud or to launch ransomware attacks. While these threats loom large on the horizon, attack surface management (ASM) seeks to combat them. ASM is a cybersecurity approach that continuously monitors an organization’s IT infrastructure to identify and remediate potential points of attack. Here’s how it can give your organization an edge. Understanding Attack Surface Management Here…

Data Protection   March 23, 2023

Six Ways to Secure Your Organization on a Smaller Budget

My LinkedIn feed has been filled with connections announcing they have been laid off and are looking for work. While it seems that no industry has been spared from uncertainty, my feed suggests tech has been hit the hardest. Headlines confirm my anecdotal experience. Many companies must now protect their systems from more sophisticated threats with fewer resources — both human and technical. Cobalt’s 2022 The State of Pentesting Report found that 90% of short-staffed teams are struggling to monitor…

© 2023 IBM Contact Privacy Terms of use Accessibility Cookie Preferences
Sponsored by si-icon-eightbarfeature