Unless You Want Your Payment Card Data Skimmed, Avoid These Commerce Sites

upnorth

More than 100 e-commerce sites around the world are infected with malicious code designed to surreptitiously skim payment card data from visitors after they make purchases, researchers reported on Wednesday.

Among those infected are US-based websites that sell dental equipment, baby merchandise, and mountain bikes. In total, researchers with China-based Netlab 360 found 105 websites that executed card-skimming JavaScript hosted on the malicious domain magento-analytics. While the domain returns a 403 error to browsers that try to visit it, a host of magento-analytics URLs host code that’s designed to extract the name, number, expiration date, and CVV of payment cards that are used to make purchases. The e-commerce sites are infected when the attackers add links that cause the malicious JavaScript to be executed.

One of the infected sites identified by Netlab 360 is ilybean, an Orlando, Florida, business that sells baby beanies. As the screenshot below shows, the site executes JavaScript hosted at magento-analytics.

“This isn't a new campaign, as the domain has been around for several months already, but it is one of the more active ones, according to our telemetry stats,” Jérôme Segura, head of threat intelligence at security provider Malwarebytes, told Ars. “We block an average of 100 connections to this domain daily from Malwarebytes users that visit an online store that's been hacked.”

There’s no easy way for people to know for sure if an e-commerce site they’re browsing is infected. Malwarebytes and many other endpoint security programs will block the best-known campaigns, but new ones pop up so often that these products can’t be expected to catch all of them. People should never use debit cards when making online purchases. Credit card users should be sure to check their statements each month for fraudulent charges. People may also want to consider using temporary cards that have small, fixed lines of credit.
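A store operator's check for the injected script links described in the article, as an added example that is not part of the original post or of Netlab 360's report: it lists the external script hosts a page loads and flags any that are not on the store's own allowlist. The allowlisted hosts, the sample HTML and the `.example` names are constructed; the article gives the skimmer domain only as `magento-analytics`, so the check matches that host label.

```javascript
// Host label named in the article (no TLD is given there).
const SKIMMER_LABELS = new Set(["magento-analytics"]);
// Hypothetical allowlist: hosts this store intentionally loads scripts from.
const ALLOWED_HOSTS = new Set(["shop.example", "cdn.shop.example"]);

// Constructed sample of a checkout page with one injected script link.
const SAMPLE_HTML = `
<html><head>
<script src="/js/app.js"></script>
<script src="https://cdn.shop.example/jquery.min.js"></script>
<script type="text/javascript" src="//magento-analytics.example/x.js"></script>
<script async src='https://widgets.thirdparty.example/chat.js'></script>
<script>var inline = 1;</script>
</head></html>`;

// Collect the src attribute of every <script> tag (quoted or unquoted).
function scriptSources(html) {
  const re = /<script\b[^>]*?\ssrc\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s>]+))/gi;
  const out = [];
  let m;
  while ((m = re.exec(html)) !== null) out.push(m[1] ?? m[2] ?? m[3]);
  return out;
}

// Resolve each src against the page URL and classify its host.
function auditScripts(html, pageUrl) {
  const findings = [];
  for (const src of scriptSources(html)) {
    let host;
    try {
      host = new URL(src, pageUrl).hostname.toLowerCase();
    } catch {
      findings.push({ src, host: null, verdict: "unparseable" });
      continue;
    }
    if (host.split(".").some((label) => SKIMMER_LABELS.has(label))) {
      findings.push({ src, host, verdict: "known-skimmer" });
    } else if (!ALLOWED_HOSTS.has(host)) {
      findings.push({ src, host, verdict: "not-allowlisted" });
    }
  }
  return findings;
}

console.log(auditScripts(SAMPLE_HTML, "https://shop.example/checkout"));
```

This only sees script tags present in the served HTML; scripts added at runtime by other scripts need a browser-side control such as a Content-Security-Policy `script-src` allowlist.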
 

Ink

Impacted Domains from link above.

 

Threadripper

Hate using my real payment data in general, I use PayPal if possible unless I completely trust the entity (Bitwarden, Tutanota, etc.) and Apple Pay in stores.
 
