105 webshops infected with a malicious script stealing credit card data

Criminals inject malicious JavaScript code into hundreds of e-commerce websites to steal credit card data

Hackers steal data by using the www.magento-analytics.com domain

Bad actors use JavaScript code to leak credentials from e-commerce websites

Many readers will already know the MageCart hacker group, which is known for using specific techniques to steal sensitive information from users worldwide.[1] Recently, however, another group of cyber criminals has been found using the exact same method to leak credentials from people shopping online. According to reports, more than 105 online shops were found to include the malicious script used to leak financial data.

The illegitimate activity is carried out through malicious JavaScript that includes digital credit card skimming code.[2] The collected data is then sent to a file hosted on the malicious www.magento-analytics.com site. The scripts have been injected into a large number of online store pages built on the Magento e-commerce CMS software, which has nothing to do with that domain name.

The worst part of these scripts is that they launch on specific websites and steal sensitive credit card information right away. This data includes the card owner's first name and surname, the card number, CVV code, expiration date, and other details that relate to payment transactions already made.[3]

The commonly-known Magento e-commerce platform has nothing to do with the malicious activity

The domain www.magento-analytics.com has nothing to do with the well-known Magento e-commerce organization, even though the affected pages run on the company's software. The name is only a trick used by hackers to convince users of the domain's legitimacy, while in fact it is fake and malicious. As long as users remain confused, the bad actors carry out their activities without any visible sign.

The domain is registered in Panama, but researchers have also discovered that its IP address has recently been moving between different locations: first Arizona in the United States, then Moscow, Russia, and finally Hong Kong, China.

Know what shopping websites you MUST avoid

Computer security experts are warning people that there might be more than 105 websites filled with malicious JavaScript code. Some of the sites you should avoid include (a full list can be found here):

  • mitsosa[.]com
  • alkoholeswiata[.]com
  • spieltraum-shop[.]de
  • ilybean[.]com
  • mtbsale[.]com
  • ucc-bd[.]com

Security experts haven't been able to detect all of the pages containing the malicious code yet, so reports of previously unreported Magento pages affected by the cyber attack may increase in the future.[4]

Everyone who uses Magento e-commerce services needs to be careful when logging in to their accounts and making payments. Experts recommend that all customers regularly check their payment information and make sure that no suspicious payments have been confirmed.

It is also advisable to install all needed updates and take any recommended precautionary measures released by the organization, as this should decrease the risk of potential danger. To guard against possible future attempts, all users need to make sure that their passwords are strong and reliable enough that they cannot be guessed easily. The well-known multifactor authentication[5] feature is a very good strategy to use in such cases.

About the author
Alice Woods
Alice Woods is the News Editor at 2-spyware. She has been sharing her knowledge and research data with 2spyware readers since 2014.