Researcher finds 1,236 domains infected with credit card stealers


Feb 4, 2016
Over a span of a few weeks, a security researcher collected more than 1,000 domains infected with payment card skimmers, showing that MageCart continues to be a prevalent threat that preys on insecure web shops.

MageCart was first spotted over a decade ago by cybersecurity company RiskIQ, but attacks have grown rampant over the past two years, when big-name companies were hit: British Airways, Ticketmaster, OXO, Newegg.

Since then, automated systems tuned specifically to detect this type of threat have found hundreds of thousands of websites whose checkout pages carried malicious JavaScript designed to steal card data from shoppers.

200 alerts sent, no reply

Using freely available tools and some elbow grease, security researcher Max Kersten was able to compile a list of 1,236 domains that were hit by a web skimmer hosted on an external domain.
He started with one domain that hosted a skimmer and a website scanning service. This allowed him to search for the point in time when the skimmer domain changed in the infection chain.
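The pivot described above, sketched as an added example (not the researcher's code): starting from one known skimmer host, it walks scan records to find sites that loaded it and hosts that replaced it in a later scan of the same site. The record layout, the allowlist and every `.example` name are constructed assumptions.

```python
from urllib.parse import urlsplit

# Constructed scan records, not real data: (scan date, scanned site, script URLs loaded).
SCANS = [
    ("2019-10-01", "shop-a.example", ["https://cdn.example/jq.js", "https://skim-one.example/a.js"]),
    ("2019-10-20", "shop-a.example", ["https://cdn.example/jq.js", "https://skim-two.example/a.js"]),
    ("2019-10-22", "shop-b.example", ["https://skim-two.example/a.js"]),
    ("2019-11-02", "shop-b.example", ["https://cdn.example/jq.js", "https://skim-three.example/b.js"]),
    ("2019-11-05", "shop-c.example", ["https://cdn.example/jq.js"]),
]
ALLOWLIST = {"cdn.example"}  # hosts an analyst has already vetted (assumption)


def external_hosts(urls, site):
    """Script hosts in one scan, minus the site itself and allowlisted hosts."""
    found = {urlsplit(u).hostname for u in urls}
    return {h for h in found if h and h != site and h not in ALLOWLIST}


def pivot(scans, seed):
    """Expand one seed skimmer host into (candidate skimmer hosts, infected sites)."""
    timeline = {}
    for date, site, urls in sorted(scans, key=lambda s: s[0]):
        timeline.setdefault(site, []).append((date, external_hosts(urls, site)))

    skimmers, infected = {seed}, {}
    grew = True
    while grew:  # repeat until no new host is learned
        grew = False
        for site, history in timeline.items():
            for i, (date, seen) in enumerate(history):
                known = seen & skimmers
                if not known:
                    continue
                infected[site] = min(date, infected.get(site, date))  # first sighting
                if i + 1 == len(history):
                    continue
                later = history[i + 1][1]
                # A known skimmer host vanished and an unseen host took its place:
                # treat the newcomer as a candidate successor, pending manual review.
                if known - later and (later - seen) - skimmers:
                    skimmers |= later - seen
                    grew = True
    return skimmers, infected


if __name__ == "__main__":
    hosts, sites = pivot(SCANS, "skim-one.example")
    print(sorted(hosts), sites)
```

A host that appears right after a skimmer disappears can also be a legitimate script added during cleanup, so each candidate needs its script inspected before it is used for further pivoting.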
