- Feb 4, 2016
A security researcher collected in a span of a few weeks over 1,000 domains infected with payment card skimmers, showing that the MageCart continues to be a prevalent threat that preys on insecure web shops.
MageCart was first spotted over a decade ago by cybersecurity company RiskIQ but attacks have grown rampant over the past two years when big-name companies were hit - British Airways, Ticketmaster, OXO, Newegg.
200 alerts sent, no reply
Using freely available tools and some elbow grease, security researcher Max Kersten was able to compile a list of 1,236 domains that were hit by a web skimmer hosted on an external domain.
He started with one domain that hosted a skimmer and the URL.io website scanning service. This allowed searching for a time when the skimmer domain changed in the infection chain.