Donating to help the victims of Australia’s bushfires could put your credit card details at risk as security researchers have discovered that cybercriminals have compromised one of the websites collecting donations by injecting a malicious script into the site which steals the payment information of donors.
While the attackers’ intention was to target the site itself, unfortunately the donors as well as the victims of Australia’s bushfires will end up paying the price.
The Magecart attack targeting the donation website works by adding a malicious credit card skimmer script called ATMZOW into a user’s cart at the site’s checkout page. When they submit their payment information as part of the checkout process, the malicious script steals the submitted information and sends it to a domain controlled by the attackers.
According to Malwarebytes Jérôme Segura, the compromised site has now been shut down which means that donors will no longer have their payment information stolen. However, as the code is still active on the site, the attackers could modify it to use a new domain and begin collecting user’s payment information once again.
Bad Packets Report’s Troy Mursch used the PublicWWW tool to discover that the same script used by the attackers is currently active on 39 other websites.
Cybercriminals are constantly looking for new sites to target and unfortunately the donors trying to help victims of the Australian bushfires were caught in the crossfire.