Since February, a prominent Magecart cybercriminal group has injected the same Java-based payment card skimmer program not one, not two, but three times into the compromised international website of blender manufacturer NutriBullet, researchers from RiskIQ have reported.

Each time a skimmer was removed from nutribullet.com, the criminal actors, known as Magecart Group 8, would reintroduce a replacement skimmer into the breached web environment, according to RiskIQ threat researcher Yonathan Klijnsma, in a company blog post on Wednesday.

NutriBullet and its parent company Capital Brands on Wednesday told SC Media that it remedied the website compromise on March 17, but RiskIQ's report does not support this assertion. Rather, Klijnsma claims that NutriBullet did not respond to RiskIQ's multiple attempts at private disclosure over the course of roughly one month's time, and that it was RiskIQ who repeatedly took action to remove the attacker's exfiltration domain, with the help of anti-malware project Abuse.ch and the nonprofit Shadowserver Foundation.

Please register to continue.

Already registered? Log in.

Once you register, you'll receive:

  • News analysis

    The context and insight you need to stay abreast of the most important developments in cybersecurity. CISO and practitioner perspectives; strategy and tactics; solutions and innovation; policy and regulation.

  • Archives

    Unlimited access to nearly 20 years of SC Media industry analysis and news-you-can-use.

  • Daily Newswire

    SC Media’s essential morning briefing for cybersecurity professionals.

  • Learning Express

    One-click access to our extensive program of virtual events, with convenient calendar reminders and ability to earn CISSP credits.