Threat Management, Malware, Security Strategy, Plan, Budget

Magecart-style credit card sniffer spotted for sale, online retailers beware

Online retailers should be on high alert for attacks carried out by a Magecart-style credit card sniffing tool similar to the one used to carry out the British Airways and Ticketmaster hacks.

Armor researchers are warning retailers after spotting the tool for sale in a Russian forum on the dark web for $1,300, according to a report by Armor Threat Intelligence.  

Russian ad for the Margecart-style tool.

The tool is advertised to contain two components: a standard universal payment card sniffer and a control panel. The tool’s control panel is capable of generating a custom credit card sniffer in a JavaScript file that will work on any e-commerce site that employs Magento, OpenCart or OsCommerce payment forms.

In addition, researchers noted it used Secure Socket Layer (SSL) protocol to encrypt the outbound payment card data being collected, which makes it harder for security teams to see the data being exfiltrated from the e-commerce site.

Armor's Threat Resistance Unit senior security researcher Corey Milligan believes the tool represents the first step in the commoditization of the Magecart-style attack that will create a new line of revenue for the original Magecart threat groups while also saturating the threat landscape with attempts by low-level threat actors.

“We expect to see a mass of “Hail Mary” attacks, with the cybercriminals  intent on hitting as many sites as possible, hoping that some of them will succeed and be fruitful,” Milligan said. “Unfortunately, the threat actors only have to be right once, and in this case, being right once could result in a haul of credit card data that is profitable and easy to sell on the Dark Web.”

In addition, TRU team believes that the low-level threat actors will plug this tool into processes that involves the automated scanning for and the indiscriminate attacking of vulnerable e-commerce sites, even ones that don’t have the applicable payment form.  

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.