A security researcher collected in a span of a few weeks over 1,000 domains infected with payment card skimmers, showing that the MageCart continues to be a prevalent threat that preys on insecure web shops.
MageCart was first spotted over a decade ago by cybersecurity company RiskIQ but attacks have grown rampant over the past two years when big-name companies were hit -
British Airways,
Ticketmaster,
OXO,
Newegg.
Since then, automated systems tuned specifically to detect this type of threat found hundreds of thousands of websites that on checkout pages malicious JavaScript designed to steal card data from shoppers.
200 alerts sent, no reply
Using freely available tools and some elbow grease, security researcher
Max Kersten was able to compile a list of 1,236 domains that were hit by a web skimmer hosted on an external domain.
He started with
one domain that hosted a skimmer and the URL.io website scanning service. This allowed searching for a time when the skimmer domain changed in the infection chain.
... ...