BleepingComputer reports that more than 300 restaurants across the U.S. had 50,000 payment cards stolen in two ongoing Magecart malware campaigns aimed at Harbortouch, MenuDrive, and InTouchPOS online ordering portals.
Eighty restaurants leveraging MenuDrive and 74 others using Harbortouch have been impacted by the first campaign that began in January, with the web skimmer found to be injected into the web pages of restaurants, according to a report from Recorded Future. Separate scripts for payment card data retrieval and cardholder name, email address, and phone number collection were used in the malware sent for MenuDrive systems, while only one script was used on Harbortouch.
Meanwhile, the Magecart campaign targeted at InTouchPOS began last November but most skimmer injections were discovered to have begun in January. Researchers noted that the InTouchPOS campaign involves an overlaid fake payment form instead of direct information theft from compromised sites.
Performing restaurant subdomain scanning is needed in removing skimmers in the MenuDrive and Harbortouch campaign but only a simple code comparison is required for the InTouchPOS infection, said Recorded Future.
Hundreds of GitHub repositories have been targeted with fraudulent commits purportedly from GitHub's free automated dependency management tool Dependabot in a bid to facilitate malicious code injections and exfiltrate sensitive project data exfiltration, reports SecurityWeek.