How does Magecart work?

Magecart works by operatives gaining access to websites either directly or via third-party services and injecting malicious JavaScript that steals data shoppers enter into online payment forms, typically on checkout pages. Magecart operatives either breach sites directly or via supply chain attacks. Supply chain attacks target third-parties that supply code to websites. Suppliers can include vendors that integrate with sites to add or improve site functionality or cloud resources from which websites pull code, such as Amazon S3 Buckets. These third-parties integrate with thousands of websites, so when one supplier is compromised, Magecart has effectively breached thousands of sites at once.

Who does Magecart Target?

Magecart mainly targets e-commerce websites, aiming to inject their JavaScript skimmers on checkout pages. However, Magecart breaches many different types of sites because they can steal other types of sensitive, monetizable data entered into any online web forms. Magecart takes advantage of online businesses’ general lack visibility into their web-facing attack surfaces. In many cases, the victims have no idea the JavaScript on their site has been changed, allowing the malicious code to exist there indefinitely. In the case of supply-chain attacks, it’s common a victim does not know that the compromised third-party JavaScript on their site is dangerous — or that they’re even running code from the breached supplier.

What Is Magecart?

Research

Magecart: The State of a Growing Threat

Magecart is a rapidly growing cybercrime syndicate comprised of dozens of subgroups that specialize in cyberattacks involving digital credit card theft. By placing its malicio...

RiskIQ Illuminate® Internet Intelligence Platform Datasheet

Five Security Intelligence Must-Haves For Next-Gen Attack Surface Management

5-Questions Security Intelligence Must Answer

Threat Investigations and Response RiskIQ Solution Brief

Illuminate One-Hour On-Demand Event

Magecart: The State of a Growing Threat

Gift Cardsharks

Inside Magecart

MakeFrame: Magecart Group 7’s Latest Skimmer

Magecart Group 8 Blends into NutriBullet.com Adding To Their Growing List of Victims

Magecart Group 12’s Latest: Actors Behind Cyberattacks on Olympics Ticket Re-sellers Deftly Swapped Domains to Continue Campaign

The Consumer Guide to Shopping Safely in the Age of Magecart

Old Magecart Domains are Being Bought Up for Monetization

What’s in a Malvertisement? More Magecart and a 186% Spike in Drive-by Delivery

Spray and Pray: Magecart Campaign Breaches Websites En Masse Via Misconfigured Amazon S3 Buckets

Magecart Supply-chain Frenzy Continues With AppLixir, RYVIU, OmniKick, eGain, AdMaxim, CloudCMS & Picreel

Magento Attack: All Payment Platforms are Targets for Magecart Attacks

Consumers May Lose Sleep Over These Two New Magecart Breaches

Magecart Isn’t Just a Security Problem; It’s Also a Business Problem

Magecart Group 4: Never Gone, Always Advancing – Professionals In Cybercrime

New Year, Same Magecart: The Continuation of Web-based Supply Chain Attacks

In Latest Magecart Evolution, Group 11 Stole More Than Just Card Data From Vision Direct

CBS News: A Look Behind the Magecart Assault on E-commerce

The Magecart Seal of Approval: Cybercriminal Card-Skimming Group Executes Scaled Supply Chain Attack on Shopper Approved

Another Victim of the Magecart Assault Emerges: Newegg

Inside the Magecart Breach of British Airways: How 22 Lines of Code Claimed 380,000 Victims

Uncovering Magecart With RiskIQ Data: How We Did It

Inside and Beyond Ticketmaster: The Many Breaches of Magecart

Magecart Threat Actors are Reshipping Items Purchased with Stolen Cards via Mules in the U.S.