Smith & Wesson Web Site Hacked to Steal Customer Payment Info

LASER_oneXM

Level 37
Thread author
Verified
Top Poster
Well-known
Feb 4, 2016
2,520
American gun manufacturer Smith & Wesson's online store has been compromised by attackers who have injected a malicious script that attempts to steal customer's payment information.

This type of attack is called MageCart and is when hackers compromise a web site so that they can inject malicious JavaScript scripts into ecommerce or checkout pages. These scripts then steal payment information that is submitted by a customer by sending it to a remote site under the attacker's control.

According to Sanguine Security's Willem de Groot, a Magecart group has been registering domain names named after his company and utilizing his name as the domain contact.
 

upnorth

Moderator
Verified
Staff Member
Malware Hunter
Well-known
Jul 27, 2015
5,459
I'm really genuine stunned that a company like this use the CMS platform Dupral and to make things even worse, still using version 7 when the latest is 8.7.

zMMmkrLm_o.jpg

Update! They use Dupral on their main site but Magneto on their store/shopping site/domain. The exact version for Magneto I can't find, but PHP is 7.1. That makes me suspect even Magneto is an older version.
 
Last edited:

SeriousHoax

Level 47
Well-known
Mar 16, 2019
3,630
One more reason to use a script blocker like uMatrix/NoScript.
I just tested and here's the result, on my main browser Firefox with uMatrix installed the script is blocked so users would be safe.
While in Microsoft Edge and Brave where I don't have uMatrix the script has loaded with success so users data would be compromised.

Firefox with uMatrix:
1.png2.png
Edge:
3.PNG
Brave:
4.PNG
 

upnorth

Moderator
Verified
Staff Member
Malware Hunter
Well-known
Jul 27, 2015
5,459
Consumers have few options to stay safe against Magecart. Using browser plugins that block loading of JavaScript helps in the case of untrusted websites but it's of no use with those already whitelisted.
 

SeriousHoax

Level 47
Well-known
Mar 16, 2019
3,630
Consumers have few options to stay safe against Magecart. Using browser plugins that block loading of JavaScript helps in the case of untrusted websites but it's of no use with those already whitelisted
If it's a third party script like the example above even in a trusted compromised website then script blocking extension will do the job.
 
Last edited:

SeriousHoax

Level 47
Well-known
Mar 16, 2019
3,630
Would the Netcraft extension help here?
I don't have any experience with Netcraft extension but I think it blocks malicious script but for that Netraft would have to know about the compromised script at first. Extensions like uMatrix blocks all third party scripts by default except few trusted ones are allowed so in the case above it would protect the user. uMatrix could be a bit tiring to setup at first since you would have to manually allow some scripts on sites you regularly visits so not recommend for all. Two Av I have personal experience with who are very good at blocking malicious scripts are ESET & Kaspersky.
 

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top