Sites hacked with credit card stealers undetected for months

silversurfer

In October 2021, Akamai researchers discovered a Magecart attack on SCUF Gaming International, a leading manufacturer of custom PC and console controllers, which resulted in the compromise of the financial details of 32,000 people.

By investigating deeper, the analysts found that the same actor responsible for the attack against SCUF was operating an extensive network of skimmers that stole credit card details from several sites. These are:
  • whitemountainshoes.com – Shoes and footwear (Alexa rank: 425k)
  • goldboutique.com – Jewelry (Alexa rank: 1.4 M)
  • nafnaf.com – Fashion apparel (Alexa rank: 85k)
  • schlafstaette.de – Sleep products
  • proaudiostar.com – Professional audio equipment (Alexa rank: 150k)
  • truebrands.com – Professional beverage accessories (Alexa rank: 113k)
  • loudmouth.com – Clothing and special apparel (Alexa rank: 1.2 M)
The smaller the Alexa rank number, the more traffic that website receives, so the longer the skimmer stays undetected, the more credit card details Magecart actors steal.
As such, actors limit the activity on their scripts to only valuable pages to keep their skimmers hidden on infected sites, making Akamai's investigation harder.

"We found that the skimmer's command and control (C2) server responds with clean code when running on non-sensitive pages...," explains Akamai's report.
"…and (the skimmer) only sends the malicious code if it runs on checkout pages, where credit card information can be found."
 
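The behaviour quoted above, clean code on ordinary pages and different code on checkout pages, can be checked from the defender's side by comparing what the same script URL returns in each page context. This is an added example, not part of the original post or Akamai's report; the URLs, script bodies and the sensitive-path pattern are constructed assumptions.

```javascript
// Added example. URLs, bodies and the path pattern are constructed for illustration.
const SENSITIVE_PATH = /\/(checkout|payment|billing)(\/|$)/i; // assumption: tune per site

// Small non-cryptographic fingerprint (FNV-1a style, 32-bit) to keep findings readable.
function fingerprint(text) {
  let h = 0x811c9dc5;
  for (let i = 0; i < text.length; i++) {
    h ^= text.charCodeAt(i);
    h = Math.imul(h, 0x01000193) >>> 0;
  }
  return h.toString(16).padStart(8, "0");
}

function isSensitive(pageUrl) {
  return SENSITIVE_PATH.test(new URL(pageUrl).pathname);
}

// observations: [{ scriptUrl, pageUrl, body }] recorded by a crawler or proxy.
function findContextDependentScripts(observations) {
  const byScript = new Map();
  for (const o of observations) {
    const e = byScript.get(o.scriptUrl) || { sensitive: new Set(), other: new Set() };
    (isSensitive(o.pageUrl) ? e.sensitive : e.other).add(fingerprint(o.body.trim()));
    byScript.set(o.scriptUrl, e);
  }
  const findings = [];
  for (const [scriptUrl, e] of byScript) {
    if (e.sensitive.size === 0) continue; // never loaded on a sensitive page
    if (e.other.size === 0) {             // only seen on sensitive pages: nothing to compare
      findings.push({ scriptUrl, status: "no-baseline" });
      continue;
    }
    // Content served on sensitive pages that was never served elsewhere.
    const unseen = [...e.sensitive].filter((f) => !e.other.has(f));
    if (unseen.length > 0) findings.push({ scriptUrl, status: "differs-on-sensitive", unseen });
  }
  return findings;
}

// Constructed observations: one script changes on checkout, one does not, one has no baseline.
const SAMPLE = [
  { scriptUrl: "https://cdn-a.example/analytics.js", pageUrl: "https://shop.example/", body: "track('pageview');" },
  { scriptUrl: "https://cdn-a.example/analytics.js", pageUrl: "https://shop.example/checkout/", body: "track('pageview'); /* extra, unexpected code */" },
  { scriptUrl: "https://cdn-b.example/ui.js", pageUrl: "https://shop.example/", body: "initMenu();" },
  { scriptUrl: "https://cdn-b.example/ui.js", pageUrl: "https://shop.example/checkout/", body: "initMenu();\n" },
  { scriptUrl: "https://pay.example/widget.js", pageUrl: "https://shop.example/checkout/", body: "renderCardForm();" },
];
console.log(findContextDependentScripts(SAMPLE));
```

A `no-baseline` result is not a detection; it marks scripts that could not be compared because they only load on sensitive pages.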