Skip to main content

Home Magecart


Magecart definition

Magecart is a catch-all term for hacking groups known for their involvement in online credit card skimming attacks. They specialize in compromising the security of e-commerce websites and stealing payment card information from unsuspecting customers.

Magecart is not a single entity but a collective term describing hacking groups that use similar techniques. Each group may have varying levels of sophistication and target different types of websites.

See also: skimming attack, XSS

Typical Magecart attack

  1. 1.Initial compromise. The Magecart attackers gain unauthorized access to the targeted website's infrastructure. They exploit vulnerabilities in the website's code, third-party components, or poor security practices. These may involve outdated software or weak passwords.
  2. 2.Injecting malicious code. Once the attackers have gained the access, they inject malicious JavaScript code into the website's pages. This code is designed to capture and send customer payment card information to the attackers' servers.
  3. 3.Skimming and data theft. The injected code acts as a “skimmer.“ It collects sensitive data entered by customers, such as credit card numbers, names, addresses, and CVV codes. The captured information is then sent to the attackers' servers for further exploitation.
  4. 4.Data exfiltration and fraud. Once the Magecart attackers have the payment card information, they can use it for various fraudulent activities. They may sell the data on the black market, clone the cards for unauthorized purchases, or commit identity theft and financial fraud.

Magecart attack examples

  • British Airways. In 2018, Magecart attackers targeted the British Airways website, compromising the payment page. The malicious code injected into the website's scripts captured customers' payment card details as they made bookings, affecting around 380,000 transactions.
  • Ticketmaster. Magecart attackers breached Ticketmaster's online payment system in 2018. They gained access through a third-party chatbot on the website and injected malicious code. This compromised the personal and payment information of approximately 40,000 customers.
  • Newegg. In 2018, Magecart attackers compromised the popular online electronics retailer Newegg by injecting malicious code into their payment page. This allowed them to steal payment card information from customers who made purchases on the website.
  • Macy's. Magecart attackers targeted Macy's, a well-known retail giant, in 2019. They injected malicious code into its website to steal customer card information during checkout.
  • Feedify. In 2019, Magecart attackers breached the website analytics provider Feedify. They inserted skimming code into its JavaScript library. This allowed them to steal payment card information from many websites that used Feedify's services.
  • Forbes. Magecart attackers compromised the website in 2019 by injecting malicious code into a third-party ad script. This led to the skimming of payment card data from visitors who accessed the website during the attack.