Eight cities using Click2Gov targeted in Magecart skimming attacks

Since April 10, eight cities in three states using the Click2Gov web-based platform to collect payments for services have been hit with Magecart card-skimming attacks that still appear active.

Credit card information including card number, expiration date and CVV, as well as personal information such as name and contact address, were being exfiltrated from the municipalities, which were not named, according to a TrendMicro blog post.

However, five of the eight cities were also victims in Click2Gov attacks in 2018 and two of them had been skimmed in a similar 2019 attack.

Local governments typically use Click2Gov to allow residents to pay for such services as utilities, as well as provide an online platform for community engagement and issues reporting.

The latest attack, according to Trend Micro, underscores that credit card skimming schemes are not limited to e-commerce sites.

“Attackers are starting to invest in long-term operations that target specific processes enterprises rely on,” the post stated. “They scout for vulnerable practices, susceptible systems and operational loopholes that they can leverage or abuse.”

Trend Micro analyzed the new scheme and observed that JavaScript code is injected when victims browse the online payment page on the compromised Click2Gov website. After grabbing data from various columns, the skimmer then sends the information to a remote server via a HTTP POST request.

Trend Micro found that the Javascript-based attack is devoid of obfuscation or anti-debugging techniques, which a more sophisticated skimmer would feature.

Central Square Technologies developed Click2Gov and, as of June 29, had not responded on its website about the reported compromise.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.