Magecart Hackers Inflict 19 Websites with I-frame Skimmers to Hack Payment Data

E-commerce is endangered again.

At least 19 popular electronic merchandising websites have been corrupted with a new version of the digital skimmer called 'Make Frame' by a current Magecart skimmer campaign intended at stealing payment card information of the customers.

Cyber security researchers have found out that this new data hacking effort inflicted HTML iframes into web pages for phishing crucial payment information of the buyers.

MakeFrame attacks are being executed by Magecart Group 7 due to its typical modus operandi of using compromised sites to host the skimming code, load the skimmer on other compromised websites and siphon off the stolen data.

That is usually done by bad actors compromising a company's online store to siphon credit card numbers and account details of users who are purchasing from the corrupted site by placing malicious JavaScript skimmers on payment forms.

This so far is the last in the series of hacking attacks by Magecart, an umbrella term for eight different hacking groups, all of which are intended at stealing credit card numbers.

The hackers at Magecart have successfully targeted many popular online business portals like NutriBullet, Olympics ticket reselling websites, Macy's, Ticketmaster, British Airways, consumer electronics giant Newegg, and many other e-commerce platforms.

Cyber researcher RiskIQ said the hacking took just 22 lines of JavaScript code infection for the threat actors to gain illegal access to the sensitive financial data.

The new MakeFrame Skimmer code, a blob of the hex-encoded array of strings and obfuscated code, is included between benign codes to escape detection, RiskIQ researchers said.

Once the skimmer is added on the victim site, MakeFrame also has provisions to emulate the payment method, use I-frames to create a payment form, detect the data entered into the fake payment form upon pressing of the "submit" button, and exfiltrate the card information in the form '.php' files to another compromised domain (piscinas ecologicas dot com).

In the wake of the corona crisis when housebound people are forced to purchase online such attacks on e-commerce websites have been on the rise. Hence the portals are requested to keep their software up-to-date, enable multi-factor authentication, segregate critical network infrastructure, and watch out for phishing attacks.

ISOEH is the organization that teaches the latest techniques of ethical hacking called Reverse Engineering.

Read more on cyber hacking in retail chains: https://www.isoeh.com/exclusive-blog-details-wawa-stores-fall-prey-to-payment-card-hacking.html