Magecart hackers have been gathering sensitive information from thousands of online shops after compromising top ecommerce platform and service provider Volusion.
Over the past month, starting September 7, the hackers’ online credit card skimmers were active on 3,126 online shops hosted on Volusion, Trend Micro’s security researchers
report.
One of the websites affected by this incident is the Sesame Street Live online store,
reveals Marcel Afrahim, a researcher at Check Point.
The malicious code was injected into a JavaScript library provided by Volusion to their clients. The code was designed to load JavaScript stored on a Google Cloud Storage service, representing an almost identical copy of the legitimate library, but with the credit card skimmer carefully integrated into it.
The code was meant to copy personal information and credit card details submitted by users and send all the data to an exfiltration server belonging to the attackers.
