Web skimming

Web skimming, formjacking or a magecart attack is an attack where the attacker injects malicious code into a website and extracts data from an HTML form that the user has filled in. That data is then submitted to a server under control of the attacker.[1][2]

Mitigation

Subresource Integrity or a Content Security Policy can be used to protect against formjacking, although this does not protect against supply chain attacks. A web application firewall can also be used.[2][3]

Prevalence

A report in 2016 suggested as many as 6,000 e-commerce sites may have been compromised via this class of attack.[4] In 2018, British Airways had 380,000 card details stolen in via this class of attack.[5] A similar attack affected Ticketmaster the same year with 40,000 customers affected[6] by maliciously injected code on payment pages.

Magecart

Magecart is software used by a range[7] of hacking groups for injecting malicious code into ecommerce sites to steal payment details.[8] As well as targeted attacks such as on Newegg,[9] it's been used in combination with commodity Magento extension attacks.[10] The 'Shopper Approved' ecommerce toolkit utilised on hundreds of ecommerce sites was also compromised by Magecart[11] as was the conspiracy site InfoWars.[12]

According to Malwarebytes, the Magecart software has tried to avoid detection by using the WebGL API to check whether a software renderer such as "swiftshader", "llvmpipe" or "virtualbox" is used. That would indicate that the software is running in a virtual machine and that the user is not a real world victim.[13]

References

  1. Reddy, Niranjan (2019). Practical Cyber Forensics : an Incident-Based Approach to Forensic Investigations. Berkeley, CA. ISBN 978-1-4842-4460-9. OCLC 1110377452.{{cite book}}: CS1 maint: location missing publisher (link)
  2. "You Need to Protect Your Website Against Formjacking Right Now". PCMag. Retrieved 2021-05-20.
  3. Wueest, Candid. "Internet Security Threat Report - Formjacking: How Malicious JavaScript Code is Stealing User Data from Thousands of Websites Each Month". Symantec.
  4. Ismail, Nick (13 October 2016). "Stowaways: malicious skimming code hiding in almost 6,000 online shops". Retrieved 9 December 2018.
  5. Whittaker, Zack (11 September 2018). "British Airways breach caused by credit card skimming malware, researchers say". Retrieved 9 December 2018.
  6. Priday, Richard (28 June 2018). "The Ticketmaster hack is a perfect storm of bad IT and bad comms". Retrieved 9 December 2018.
  7. Whittaker, Zack (13 November 2018). "Meet the Magecart hackers, a persistent credit card skimmer group of groups you've never heard of". Retrieved 9 December 2018.
  8. Muncaster, Phil (1 October 2018). "Magecart: Time to Focus on Web Security to Mitigate Digital Skimming Risk". Archived from the original on 10 December 2018. Retrieved 9 December 2018.
  9. Osborne, Charlie (19 September 2018). "Magecart claims another victim in Newegg merchant data theft". Retrieved 9 December 2018.
  10. Cimpanu, Catalin (23 October 2018). "Magecart group leverages zero-days in 20 Magento extensions". Retrieved 9 December 2018.
  11. Leyden, John (9 October 2018). "Payment-card-skimming Magecart strikes again: Zero out of five for infecting e-retail sites". Retrieved 9 December 2018.
  12. Blake, Andrew (14 November 2018). "Alex Jones' Infowars store infected with malware capable of skimming payment data". Retrieved 9 December 2018.
  13. "Magecart Credit Card Skimmer Avoids VMs to Fly Under the Radar". Threatpost. Retrieved 2022-04-03.
This article is issued from Wikipedia. The text is licensed under Creative Commons - Attribution - Sharealike. Additional terms may apply for the media files.