E-commerce is endangered again.
At least 19 popular electronic merchandising websites have been corrupted with a new version of the digital skimmer called 'Make Frame' by a current Magecart skimmer campaign intended at stealing payment card information of the customers.
Cyber security researchers have found out that this new data hacking effort inflicted HTML iframes into web pages for phishing crucial payment information of the buyers.
MakeFrame attacks are being executed by Magecart Group 7 due to its typical modus operandi of using compromised sites to host the skimming code, load the skimmer on other compromised websites and siphon off the stolen data.
This so far is the last in the series of hacking attacks by Magecart, an umbrella term for eight different hacking groups, all of which are intended at stealing credit card numbers.
The hackers at Magecart have successfully targeted many popular online business portals like NutriBullet, Olympics ticket reselling websites, Macy's, Ticketmaster, British Airways, consumer electronics giant Newegg, and many other e-commerce platforms.
The new MakeFrame Skimmer code, a blob of the hex-encoded array of strings and obfuscated code, is included between benign codes to escape detection, RiskIQ researchers said.
Once the skimmer is added on the victim site, MakeFrame also has provisions to emulate the payment method, use I-frames to create a payment form, detect the data entered into the fake payment form upon pressing of the "submit" button, and exfiltrate the card information in the form '.php' files to another compromised domain (piscinas ecologicas dot com).
In the wake of the corona crisis when housebound people are forced to purchase online such attacks on e-commerce websites have been on the rise. Hence the portals are requested to keep their software up-to-date, enable multi-factor authentication, segregate critical network infrastructure, and watch out for phishing attacks.
ISOEH is the organization that teaches the latest techniques of ethical hacking called Reverse Engineering.
Read more on cyber hacking in retail chains: https://www.isoeh.com/exclusive-blog-details-wawa-stores-fall-prey-to-payment-card-hacking.html