New MageCart campaign leverages convincing fake payment forms

Online stores' payment pages are being compromised to display convincing fake checkout forms to facilitate credit card theft as part of a new Magecart campaign, reports BleepingComputer. Such fraudulent payment forms are being displayed in the compromised payment pages as modals, as observed in a PrestaShop-based Parisian travel accessory store that has been infected with the Kritec JavaScript credit card skimmer, according to a Malwarebytes report. Inputting credit card data in the malicious modal window, which has been made with the brand's interface elements to evade suspicion, would redirect users to the real payment URL but all entered information has already been stolen by attackers. Moreover, cookies are also being deployed to successfully targeted users to prevent data duplication and reduce exposure. "It is possible multiple threat actors are involved in those campaigns and customizing skimmers accordingly. While many hacked stores had a generic skimmer, it appears the custom modals were developed fairly recently, maybe a month or two ago," said the report.