Magecart and Card Skimming Detection

Cloudsine Team

6 March 2023

5 min read

cardskimming

What is Magecart?
Magecart is a type of cybercriminal group that specializes in stealing credit card information from online stores (a.k.a card skimming). The group’s attacks typically involve injecting malicious code into the checkout pages of e-commerce websites to steal payment card data from customers.

The Magecart group is known to have targeted numerous high-profile e-commerce websites, including British Airways, Ticketmaster, and Newegg, resulting in the theft of millions of payment card records. The group is constantly evolving its tactics and techniques, making it a significant threat to online merchants and their customers.

How do Magecart attacks work?
Magecart attacks usually start with a security breach that allows the attackers to gain access to the targeted website’s infrastructure. The attackers then inject a small piece of malicious code into the website’s checkout page, which intercepts and steals customers’ payment card information as they enter it into the page. The stolen data is then sent to the attackers’ servers, where it can be used for fraudulent purchases or sold on underground markets. It can be difficult to detect attacks because the malicious code is often hidden within legitimate JavaScript code, making it difficult to identify. The attacks are also difficult to prevent because they can exploit vulnerabilities in third-party software used by e-commerce websites, such as shopping carts or payment processors.

How do we protect ourselves against Magecart attacks?
To protect against Magecart attacks, websites with payment pages should implement strong security controls, such as using secure coding practices, monitoring for unauthorized access or changes to website code, and implementing multi-factor authentication for administrative access. Additionally, online merchants should regularly test their website’s security and maintain compliance with industry security standards, such as the PCI-DSS.

WebOrion Monitor has capabilities to detect malicious javascripts and Magecart attacks on your website. If this is something you are interested in, please contact us at sales@weborion.io