Researcher detects malware designed to steal credit card information on more than 1,200 online shops

by

Researcher detects malware designed to steal credit card information on more than 1,200 online stores

  • The malware was detected on more than 1,200 online stores 
  • Magecart allows scammers to skim credit card information from online forms 
  • The infections were found in general online shops and some adult websites 

By James Pero For Dailymail.com

Published: | Updated:

A security researchers says he’s confirmed more than 1,200 sites that contain malware designed to skim victims’ credit card information. 

According to researcher and security specialist Max Kersten, 1,236 domains were confirmed to be infected with a notorious type of credit card skimming malware called MageCart.

The malware has previously affected major online sites like Ticketmaster and British airwaves and is capable of logging credit card information entered into online forms.

Magecart is an increasingly popular kind of malware that steals credit card information by skimming online forms (stock) 

As noted by BleepingComputer, many of the sites found by Kersten had been previously highlighted by other sources given the length of time it took him to chronicle the infections. 

Nonetheless, Kersten was able to chronicle the extent of this particular Magecart operation in addition to what types of online shops were affected.  

According to his research, the most commonly compromised category of site fell into a general ‘product’ category while minority categories included ‘adult entertainment’ and ‘food.’ 

Domains included in Kersten’s research show that site’s range from shops selling ski supplies to cosmetics, photo equipment, and more. A full list of affected domains can be seen on Kersten’s blog.

Those domains were overwhelmingly located in the US according to Kersten while others belong to online shops registered in Europe, Australia and some in Canada.

While Kersten’s research may seem like a massive revelation, Magecart attacks which focus on exploiting e-commerce, have exploded in recent years with many operations unaware that their servers have been compromised.

Hacks may persist for weeks, months, or even years without being noticed.

A now infamous Magecart attack on British Airways compromised nearly 400,000 customers’ credit car information last year. 

According to the security firm RiskIQ, Magecart hacks have become particularly perilous for e-commerce companies since they often don’t have access to the underlying code that runs their online stores.

HOW TO CHECK IF YOUR EMAIL ADDRESS IS COMPROMISED

Have I Been Pwned?

Cybersecurity expert and Microsoft regional director Tory Hunt runs ‘Have I Been Pwned’.

The website lets you check whether your email has been compromised as part of any of the data breaches that have happened. 

If your email address pops up you should change your password.

Pwned Passwords

To check if your password may have been exposed in a previous data breach, go to the site’s homepage and enter your email address.

The search tool will check it against the details of historical data breaches that made this information publicly visible. 

If your password does pop up, you’re likely at a greater risk of being exposed to hack attacks, fraud and other cybercrimes.

Mr Hunt built the site to help people check whether or not the password they’d like to use was on a list of known breached passwords. 

The site does not store your password next to any personally identifiable data and every password is encrypted

Other Safety Tips

Hunt provides three easy-to-follow steps for better online security. First, he recommends using a password manager, such as 1Password, to create and save unique passwords for each service you use. 

Next, enable two-factor authentication. Lastly, keep abreast of any breaches