Magecart Group Likely Behind Increase in Formjacking Attacks

  /     /     /  
Publicated : 23/11/2024   Category : security


Magecart Group Likely Behind Increase in Formjacking Attacks


A recent analysis by Symantec researchers has found a significant increase in formjacking attacks. The reason, according to some, is an increase in activity from the Magecart group.



A extremely specific type of attack that is used to steal credit card details and other e-commerce data, called formjacking, has seen a significant spike over the last 30 days, according to a new analysis from Symantec.
Formjacking is a term that describes the use of malicious JavaScript code to steal credit card details, as well as other information from payment forms on the checkout web pages of e-commerce sites, such as Amazon or Wal-Mart.
While not a new technique, recent formjacking campaigns have shown them to be large, sophisticated, was well as increasing dramatically since mid-August. Symantec researchers claimed to have blocked 248,000 formjacking attempts since then. More than one third of those blocks -- 36% -- occurred from September 13 to 20, 
according to Symantec
.
When they compared the week of September 13 to the same week in August, the number of instances of formjacking had more than doubled. It was observed by Symantec that the blockage requests jumped from just over 41,000 to almost 88,500 -- a percentage increase of 117%.
(Source:
iStock
)
The increases in formjacking seem to be linked to Magecart, the name of a threat actor that has previously carried out this kind of online skimming. These types of schemes can be traced back to 2015, with attacks on Magneto e-commerce sites. Since then, the group has changed focus.
Willem de Groot, a security consultant, has been keeping tabs on these developments since they started and has been keeping a running tally on Twitter.
In the past two months, Magecart has been publicly linked to credit card information theft at Ticketmaster, British Airways, and Newegg as its malicious activities grow less specific in focus and broader in execution. (See
British Airways Already Facing Lawsuits Following Data Breach
.)
Those three widely known campaigns were dependent on third-party chat agent contractors to act as infection vectors. A chatbot from tech firm Inbenta had been used for customer support on the Ticketmaster websites that were formjacked.
A post-mortem showed that the malicious code may have been on the Ticketmaster website for almost a year. If you were an international Ticketmaster customer, you were warned by Ticketmaster that you may have been affected if you bought tickets between September 2017 and June 2018.
This wasnt just some skids at work. Altering the chatbot took some work. Executives with Inbenta have said that Magecart had exploited a number of vulnerabilities to target its front-end servers and alter the chatbot code.
There are other ways for Magecart to handle injection of malicious JavaScript than a poisoned supply chain, but few that are as efficient when all is in alignment.
The sudden growth in Symantecs blocking requests may be due to things becoming aligned.
For instance, Feedify is used by many websites to serve up push notifications to website visitors. It got hit by Magecart on September 11. While the company deleted the malware that Magecart has put into the site, it returned within 24 hours.
This caused some threat researchers to advise that companies stop using Feedify until the issue was resolved. However, for the British Airways and Newegg exploits, the initial infection vector that allowed the attackers to gain access to the websites is not known at this time.
This one isnt going away so soon.
Related posts:
Magecart Group Seen as Hidden Hand Behind Ticketmaster Attack
Verizon Study Finds PCI DSS Compliance Falls Worldwide
More Data Breaches in Store for US Retail Industry
Massive Data Breaches & Data Leak Hit Retail Industry in 1-2-3 Punch
— Larry Loeb has written for many of the last centurys major dead tree computer magazines, having been, among other things, a consulting editor for BYTE magazine and senior editor for the launch of WebWeek.

Last News

▸ Beware EMV may not fully protect against skilled thieves. ◂
Discovered: 23/12/2024
Category: security

▸ Hack Your Hotel Room ◂
Discovered: 23/12/2024
Category: security

▸ Website hacks happened during World Cup final. ◂
Discovered: 23/12/2024
Category: security


Cyber Security Categories
Google Dorks Database
Exploits Vulnerability
Exploit Shellcodes

CVE List
Tools/Apps
News/Aarticles

Phishing Database
Deepfake Detection
Trends/Statistics & Live Infos



Tags:
Magecart Group Likely Behind Increase in Formjacking Attacks