Definition
Magecart is a universal term for groups that engage in online credit card skimming attacks. They target e-commerce websites and exploit security vulnerabilities to steal credit card details.
Typical Magecart Attack
- Initial compromise: The attackers gain unauthorized access to the targeted e-commerce site. They exploit weaknesses in the website’s code, third-party components, and poor security practices, such as weak passwords or outdated software.
- Injecting malicious code: Upon access, Magecart attackers inject malicious code into the website to capture payment card information from unsuspecting customers.
- Skimming and data theft: The injected code collects private information from customers, including addresses, names, phone numbers, credit card numbers, CVV codes, and more.
- Data exfiltration and fraud: After getting the payment card information, they can sell it on the black market, commit financial fraud and identity theft, or clone the cards for unauthorized purchases.
Magecart Attack Examples
- British Airways: In 2018, Magecart attackers compromised the payment page of the British Airways website, affecting over 380,000 transactions.
- Ticketmaster: In 2018, Magecart attackers breached Ticketmaster’s online payment system through a third-party chatbot, compromising the personal and payment information of around 40,000 customers.
- Newegg: In 2018, Magecart attackers compromised Newegg’s payment page, stealing payment card information from customers who made purchases on the website.
- Macy’s: Magecart attackers targeted Macy’s in 2019, injecting malicious code into its website to steal customer card information during checkout.
- Feedify: In 2019, Magecart attackers breached Feedify, an analytics provider, inserting skimming code into its JavaScript library to steal payment card information from multiple websites.