Threat Management

Legitimate sites compromised in global Magecart skimmer campaign

Organizations in the U.S., Brazil, Peru, Estonia, Australia, and the U.K. have been compromised by a new Magecart web skimmer campaign that hijacks vulnerable legitimate retail websites to facilitate the theft of personal and credit card information, BleepingComputer reports. Vulnerable websites are being identified and taken over to be used as command-and-control servers to bypass security systems before they are injected with a small JavaScript snippet enabling the retrieval of malicious code, according to an Akamai report. Attackers have leveraged two variants of a Base64-encoded skimmer in the campaign, the first of which features CSS selectors aimed at exfiltrating credit card data and personally identifiable information. The other skimmer variant, however, lacked protections, which enabled researchers to determine the extent of the campaign. Timely application of CMS and plugin security updates has been recommended for website owners to avoid Magecart attacks, while online shop customers have been advised to leverage virtual cards and electronic payment methods.
