Product Reviews

Australia bushfire charities hit by credit card cyberattack

Donating to help the victims of Australia’s bushfires could put your credit card details at risk as security researchers have discovered that cybercriminals have compromised one of the websites collecting donations by injecting a malicious script into the site which steals the payment information of donors.

This kind of attack is known as Magecart and it involves hackers compromising a website to inject malicious JavaScript code into a site’s ecommerce or checkout pages. These scripts are used to steal credit card or payment information which is then sent to a remote site controlled by the attackers.

The Malwarebytes Threat Intelligence Team first discovered that a legitimate website collecting donations to help victims in Australia was compromised by a Magecart script.

While the attackers’ intention was to target the site itself, unfortunately the donors as well as the victims of Australia’s bushfires will end up paying the price.

Magecart attack

The Magecart attack targeting the donation website works by adding a malicious credit card skimmer script called ATMZOW into a user’s cart at the site’s checkout page. When they submit their payment information as part of the checkout process, the malicious script steals the submitted information and sends it to a domain controlled by the attackers.

According to Malwarebytes Jérôme Segura, the compromised site has now been shut down which means that donors will no longer have their payment information stolen. However, as the code is still active on the site, the attackers could modify it to use a new domain and begin collecting user’s payment information once again.

Bad Packets Report’s Troy Mursch used the PublicWWW tool to discover that the same script used by the attackers is currently active on 39 other websites.

Cybercriminals are constantly looking for new sites to target and unfortunately the donors trying to help victims of the Australian bushfires were caught in the crossfire.

Via BleepingComputer

Source link