Acronis Cyber Protection Operation Center’s researchers have uncovered an ongoing Magecart campaign that uses realistic-looking fake payment screens to steal sensitive data from unsuspecting users. Magecart is a term used to describe several cybercrime groups that use online skimming techniques to steal personal data from websites, including customer details and payment information on e-commerce websites.
The latest iteration of the campaign injects a skimmer called Kritec to intercept the checkout process and display a fake payment dialog to victims. Kritec impersonates legitimate third-party vendors, like Google Tag Manager, to evade detection. After harvesting payment card details, the skimmer briefly displays a fake error message to the victim before redirecting to the actual payment page. The threat actors use different domains to host the skimmer, each with a name suggesting that the attacks target different online stores with custom modals.
What is Magecart?
Magecart is a type of cyber attack that targets e-commerce websites in order to steal customers' payment card information. The attack involves injecting malicious code into the website's payment processing system, typically through vulnerabilities in third-party scripts or plugins used by the site.
Once the code is injected, it can capture the payment card details entered by customers and send them to the attackers' server. This can allow the attackers to conduct fraudulent transactions using the stolen card information, or sell the data on underground markets for profit.
Magecart attacks have affected a number of high-profile companies, including British Airways, Ticketmaster, and Newegg, among others. The attacks can be difficult to detect and prevent, as they often involve compromising third-party systems that are beyond the control of the website owners themselves.
How can e-commerce sites protect themselves from Magecart?
To mitigate the risk of Magecart attacks, e-commerce sites should regularly update their software and plugins, monitor their payment processing systems for suspicious activity, and employ security measures such as encryption and two-factor authentication. Customers can also protect themselves by using payment methods that offer additional security features, such as virtual credit cards or payment services that do not require entering card details directly on the site.
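One way to act on the monitoring advice above, given that the skimmer poses as vendors like Google Tag Manager, is to audit the script sources on the checkout page against an approved list. This is an added example, not code from the Acronis research; the allowlist, the vendor keywords, the `audit_checkout` helper and the sample HTML are all constructed assumptions.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Assumption: hosts the store has approved to serve scripts on checkout.
ALLOWED_HOSTS = {"shop.example", "www.googletagmanager.com"}
# Assumption: vendor markers that should only ever appear on approved hosts.
VENDOR_KEYWORDS = ("googletagmanager", "gtm.js", "gtag")

# Constructed sample checkout page (placeholder domains, not real indicators).
SAMPLE_HTML = """
<html><head>
<script src="/static/checkout.js"></script>
<script async src="https://www.googletagmanager.com/gtm.js?id=GTM-XXXXXXX"></script>
<script src="https://tag-manager-cdn.example.test/gtm.js?id=GTM-XXXXXXX"></script>
<script src="//widgets.example.test/chat.js"></script>
<script>window.dataLayer = window.dataLayer || [];</script>
</head></html>
"""

class ScriptCollector(HTMLParser):
    """Collects the src attribute of every external <script> tag."""
    def __init__(self):
        super().__init__()
        self.sources = []

    def handle_starttag(self, tag, attrs):
        if tag == "script":
            src = dict(attrs).get("src")
            if src:
                self.sources.append(src)

def audit_checkout(html, page_host):
    """Return (src, reason) for each script not served from an approved host."""
    collector = ScriptCollector()
    collector.feed(html)
    findings = []
    for src in collector.sources:
        # Relative URLs have no hostname and resolve to the page's own host.
        host = (urlsplit(src).hostname or page_host).lower()
        if host in ALLOWED_HOSTS:
            continue
        # A vendor-style name on an unapproved host suggests impersonation.
        lookalike = any(k in src.lower() for k in VENDOR_KEYWORDS)
        findings.append((src, "vendor-lookalike" if lookalike else "unapproved-host"))
    return findings

if __name__ == "__main__":
    for src, reason in audit_checkout(SAMPLE_HTML, "shop.example"):
        print(f"{reason}: {src}")
```

Running the same audit on a schedule against the rendered checkout page, and alerting on any new finding, catches scripts added after deployment.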