Numerous European websites for the anti-aging skin care brand, Perricone MD, have been compromised with malicious scripts.
Sam Jenkins, developer at RapidSpike, discovered that malicious scripts from two hacking groups had attempted to steal payment card information on the European e-commerce websites for Perricone.
The first malicious script was traced back to November 2018, meaning that it had been present on the website for over a year. However, due to a coding error, it prevented the skimmer from successfully loading.
If the script was working as intended, it stood no chance in successfully skimming payment data, as the second malicious script is much more complex, and likely to have detected the competing web skimmer, thus altering the code so the host domain could not be reached.
The second malicious script, from the second hacking group gained access to the websites in November 2019.
“They registered the domain perriconemd.me.uk to help avoid detection and only load the skimmer on the checkout page, another common tactic to help avoid detection,” explained Jenkins.
Jenkins found that the server hosting perriconemd.me.uk is in Japan, to which it hosts several other domains connected to a wide range of data breaches and credit card theft.
RapidSpike reached out to several employees at Perricone MD and made themselves available to help.
No evidence has been found that any credit card or personal information has been breached.
The malicious code is still present on the European websites, but it does not load for all customers.
The post #Privacy: MageCart compromises Perricone’s European e-commerce sites appeared first on PrivSec Report.