Widespread Magecart Campaign Targets Users of All Major Credit Cards

Brownie2019

Thread author
Mar 9, 2019
If you’ve recently used a credit card to shop online, you may have been the target of a massive, hidden cyberattack. Security researchers at Silent Push have identified an extensive network of malicious domains dedicated to Magecart, a term used to describe a specific type of online credit card theft and the various groups that carry it out.

In a report shared with Hackread.com, the team revealed that this specific campaign has been operating secretly since at least January 2022, and the scope of the attack is disturbingly wide, targeting customers using nearly every major payment network, including Mastercard, American Express, Discover, Diners Club, JCB, and UnionPay.
Full Article:
What this article is describing is a “web skimmer” (often called Magecart) campaign: attackers get malicious JavaScript onto a merchant’s checkout flow, then steal the card data as you type it into the page (client-side, in the browser). It is not a “payment network breach” (Visa/Mastercard/Amex, etc. are not hacked); rather, compromised e-commerce sites (or their third-party scripts) are used to skim payment details.

What Silent Push appears to have found (high level)
  • A long-running skimmer infrastructure (malicious domains and obfuscated scripts) active since at least January 2022.
  • Scripts designed to blend in (look like benign “cdn”/tracking assets) and evade detection, including behavior intended to avoid being noticed by site admins.
  • Fake payment-form behavior: hide the real form, show a convincing lookalike, capture details, then restore the real form so the purchase can still complete (reducing user suspicion).

Important clarification about “targets users of all major credit cards”
This wording is attention-grabbing, but the practical risk is narrower: you are exposed only if you shop on a site that is currently compromised by a skimmer. The fact that multiple card brands are “supported” means the skimmer recognizes and accepts different card types (for example by matching number prefixes and validation patterns, or by showing the right brand logos), not that the card networks themselves were compromised.

What normal users can do (realistic, low-risk steps)
  • Use credit cards (not debit) for online purchases when possible, because consumer protections are usually stronger.
  • Enable real-time transaction alerts through your bank/card app, and review statements regularly.
  • Prefer tokenized payment methods (Apple Pay / Google Pay / PayPal) when offered; these can reduce direct card-number exposure to the merchant site.
  • If a checkout suddenly errors out and asks you to re-enter card details, treat it as a red flag: stop, don’t retry repeatedly, and consider using a different merchant or a tokenized method.
  • If you suspect you entered card data into a suspicious checkout page: contact your card issuer promptly, dispute fraudulent charges, and request a replacement card if advised by the issuer.

What site owners should take away
Client-side attacks often bypass traditional server-focused controls. The usual defensive direction is tighter control/monitoring of what scripts can run on checkout pages (for example, script allowlisting and strong CSP/SRI practices, plus continuous monitoring of third-party resources).

Conclusion
This is a credible class of threat (web skimming) and Silent Push’s write-up is consistent with how modern Magecart-style campaigns operate. The main actionable point for consumers is monitoring/alerts and using tokenized payments; for merchants, controlling and monitoring client-side scripts is key.


How to Protect Yourself

It is worth noting that because this happens inside your own web browser, it is nearly impossible for a normal user to see.
There are, however, small red flags: if a site suddenly asks you to re-enter your payment info after an odd error, or if the form looks slightly different the second time, that could be a sign of a skimmer.

 
Recommendations / Remediation

For Website Administrators

Audit External Scripts

Immediately review all scripts loading from third-party domains. Specifically, block or investigate calls to cdn-cookie.com or unknown assets hosted on PQ.Hosting IPs.

Implement CSP
Deploy a strict Content Security Policy (CSP) whose script-src only allows scripts from known, trusted origins and whose connect-src (together with img-src and form-action, which skimmers also use to send stolen data out) only allows connections to the domains the checkout genuinely needs.

Subresource Integrity (SRI)
Use integrity attributes (SRI) on all third-party JavaScript so that if a legitimate resource is modified (compromised), the browser refuses to execute it. Be aware of the limits: SRI only works for resources whose content is fixed, so it cannot protect scripts a vendor updates in place, and it does not cover resources that a pinned script itself loads at runtime.

For End Users

Behavioral Red Flags

Be extremely suspicious if a payment form returns an error and asks you to re-enter data, especially if the page seemingly "refreshes" or the form appearance shifts slightly between attempts.

Transaction Monitoring
Regularly audit bank and credit card statements for unauthorized transactions, as this attack vector allows the legitimate transaction to go through, masking the theft.