A website collecting donations for the victims of the Australia bushfires has been injected with malicious script.
The Malwarebytes Threat Intelligence Team discovered that a legitimate donation collecting website has been compromised by a Magecart script.
The Magecart attack works by loading a malicious credit-card skimmer script named ATMZOW into the checkout pages once a visitor adds an item to their cart.
After the visitor enters their payment information as part of the checkout process, the malicious script will then steal the submitted information and send it to a domain controlled by the attackers. The domain, vamberlo[.]com is obfuscated in the script.
Malwarebytes’ Jérôme Segura told BleepingComputer that after becoming aware of the compromised site, they were able to get the domain shut down, meaning that visitors to the website will no longer have their payment information stolen.
However, the code is still active on the site, thus the attackers could modify the code to use a new domain and begin skimming payment information once again. The only way to properly secure the website is to completely remove the Magecart script.
Malwarebytes has contacted the donation website, but the eCommerce store has yet to respond.
Troy Mursch of Bad Packets Report has also found that the same malicious script is currently active on 39 other websites.
Deepak Patel, a security evangelist at Perimeterx told Infosecurity Magazine: “Given the lack of visibility into such client-side attacks, the website owners often find out about the data breach days or weeks after the code injection. This extended time allows skimmers to monetize the stolen cards to the fullest extent.”
The post #Privacy: Magecart attackers strike Australia bushfire donation website appeared first on PrivSec Report.