A massive 962 online shops have had their customers’ card details stolen in just 24 hours, in the largest Magecart-style automated card skimming campaign identified to date.
That’s according to Amsterdam-based ecommerce fraud protection specialist Sanguine Security Labs, which identified the attacks today.
The company – which provides a Magento malware scanner – has shared the skimmer’s codebase on a GitHub repo.
Magento is a widely used, open source-based ecommerce platform written in PHP that handles over $100 billion in gross merchandise volume every year.
Our crawlers detected 962 breached stores last night. It is the largest automated campaign to date (previously: MGCore with 700 stores). Decoded skimmer: https://t.co/CCVakmMrR5
— Sansec (@sansecio) July 5, 2019
Willem de Groot from Sanguine Security told Computer Business Review: “This is the largest number of breaches [of] stores over a 24-hour period, which implies that their operation is highly automated. Victims are from all over the world, so were likely chosen opportunistically.”
He added: “I am still waiting for logs to accurately say how they got compromised, but at first glance it appears to be a PHP object injection exploit for an existing vulnerability.”
Magecart Attacks are Rampant
Among the most high-profile victims: British Airways, which had 380,000 customers’ payment details stolen in a card skimming attack last August (2018).
US-based threat research firm RiskIQ says it has identified seven core Magecart groups. Magecart is an umbrella term for threat groups using a range of card skimmers.
RiskIQ identified the groups by analysing unique sets of infrastructure (pools of IP addresses, domains and specific server setup fingerprints); skimmers (unique obfuscation techniques and loading strategies); and targeting (each group uses different methods to reach its victims).