One Magecart group decided that helping cancer victims is not enough of a reason to deter them from hitting the American Cancer Society’s online store with skimming malware.
Sanguine Security found the malware on www.shop.cancer.org/ hiding behind the GoogleTagManager code. The store sells t-shirts emblazoned with the organization's logo.
“It searches for “'checkout' (Y2hlY2tvdXQ=) and will then load the actual skimming code from thatispersonal.com/assets/cancer.js (copy). This server is hosted in Irkutsk, a Russian network that is popular among skimming groups,” the company said.
Sanguine has contacted the American Cancer Society, but has not yet received a response.
The various Magecart crews have hit a wide variety of organizations, companies and retailers ranging from British Airways to Ticketmaster to Newegg.
Jonathan Deveaux, head of enterprise data protection, comforte AG, said that while these attacks are very sophisticated there are defensive measures one can put in place.
“Companies can improve their webpage monitoring, file integrity checking, and blocking of untrusted external sources to defend against this type of sophisticated attack. Additionally, organizations can deploy data-centric security, which can anonymize sensitive data at its earliest point of entry into their enterprise, which is a major step to dramatically reduce risks associated with data breaches and sensitive data exfiltration,” he said.
Mounir Hahad, head of Juniper Threat Labs at Juniper Networks, also noted that there is a simple answer to this problem.
“Website owners should periodically check the integrity of their script code, which can be as simple as calculating a checksum every few minutes to look for an unexpected change,” he said.