In a recent Magecart credit card theft campaign, legitimate websites are taken over and used as “makeshift” command and control (C2) servers to inject and conceal skimmers on selected eCommerce sites.
An online store breached by hackers to insert malicious scripts that steal customers’ credit cards and personal information while they are checking out is known as a “Magecart attack.”
The United States, the United Kingdom, Australia, Brazil, Peru, and Estonian organisations have all been penetrated, according to Akamai researchers following this campaign.
A further indication of the stealthiness of these attacks, according to the cybersecurity firm, is the fact that many victims haven’t been aware they’ve been compromised for more than a month.
Exploiting legitimate sites
This article has been indexed from CySecurity News – Latest Information Security and Hacking Incidents
Read the original article: