Malwarebytes have identified a credit card skimmer being injected into hundreds of counterfeit sites selling brand-name shoes.
Malwarebytes explained that threat actors scroll through sporting and fitness forums leaving messages to entice users into visiting the fake stores.
“Unfortunate shoppers may not only be disappointed with the faux merchandise, but they will also relinquish their personal and financial data to Magecart fraudsters,” explained Malwarebytes.
Malwarebytes noted that many of the counterfeit sites identified are still online, thus allowing them to check for Magecart scripts.
Malwarebytes explained that hackers are injecting the sites with a malicious script named “translate.js”.
BleepingComputer noted that after running the script through a JS beautifier, the script was found collecting submitted credit card information entered by the customer. The information is then sent to a server in China, where the threat actors can collect the information.
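A static check for this kind of injected script, as an added example that is not from Malwarebytes or BleepingComputer: it lists the external scripts a checkout page loads and flags any served from a host outside an allowlist or carrying a watched file name. The hosts, the allowlist and the sample HTML are constructed; only the name translate.js comes from the article.

```python
import posixpath
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse

WATCHED_NAMES = {"translate.js"}  # file name reported in the article

class ScriptCollector(HTMLParser):
    """Collects the attributes of every <script src=...> tag."""
    def __init__(self):
        super().__init__()
        self.scripts = []

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag == "script" and attrs.get("src"):
            self.scripts.append(attrs)


def audit_scripts(html, page_url, allowed_hosts):
    """Return (url, reasons) for each script that needs manual review."""
    collector = ScriptCollector()
    collector.feed(html)
    findings = []
    for attrs in collector.scripts:
        url = urljoin(page_url, attrs["src"])  # resolves relative and //host forms
        parsed = urlparse(url)
        reasons = []
        if (parsed.hostname or "").lower() not in allowed_hosts:
            reasons.append("host not on allowlist")
            if "integrity" not in attrs:
                reasons.append("no SRI hash")
        if posixpath.basename(parsed.path).lower() in WATCHED_NAMES:
            reasons.append("watched file name")
        if reasons:
            findings.append((url, reasons))
    return findings


# Constructed sample checkout page; every host is a placeholder.
SAMPLE = """
<script src="/js/checkout.js"></script>
<script src="//static.shop.example/js/jquery.min.js"></script>
<script src="https://cdn.thirdparty.example/lib/translate.js"></script>
"""
ALLOWED = {"shop.example", "static.shop.example"}

if __name__ == "__main__":
    for url, reasons in audit_scripts(SAMPLE, "https://shop.example/checkout", ALLOWED):
        print(url, "->", ", ".join(reasons))
```

Inline scripts and scripts added at runtime are outside this static pass, so a clean result here does not clear a page on its own.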
Malwarebytes threat intelligence researcher Jérôme Segura discovered that all the counterfeit sites were running similar templates, using Magento, utilising an outdated version of the PHP programming language, and were located on a small number of IP address subnets.
Subsequently, it is believed that threat actors conducted a mass scan seeking vulnerable sites, especially ones running Magento or outdated PHP versions.
“Counterfeit sites pose a double threat, not only from obtaining illicit goods but also getting robbed of data by a different group of criminals.”
Malwarebytes have provided some tips on how to reduce the risks associated with online shopping; one tip is to keep monitoring bank statements to identify any suspicious activities. In addition, it is advised to ensure that the computer being used is malware-free and operating with the latest patches.
The post #Privacy: Counterfeit sneaker sites injected with a credit card skimmer appeared first on PrivSec Report.