
Compromised E-commerce Sites Lead to “Magecart”

Most methods used by attackers to target consumers are commonplace, such as phishing and the use of malware to target payment cards. Others, such as POS (point of sale) malware, tend to be rarer and isolated to certain industries. However, some methods are downright obscure—Magecart, a recently observed instance of threat actors injecting a keylogger directly into a website, is one of these.

Targeting Consumers Via Retailer Payment Platforms

Since the widely publicized breach of Target Corporation, there has been a significant increase in awareness of activity surrounding POS system breaches. But web-based keylogger injection incidents remain little known, even though they have been occurring longer than the threats related to many high-profile breaches.

In 2000, the discovery of a vulnerability in versions of the widely deployed Cart32 software, which enables consumers to shop online, gave threat actors access to the application as the administrator so they could dump credit card data and run commands on the hosting server. In 2007, discussions like this in the OSCommerce community illustrated more instances. Later, in 2011, analysis showed additional mass compromise activity in OSCommerce pushing online store visitors to information-stealing malware.

Since then, this kind of activity has increased, affecting other popular shopping cart software implementations.
