Magecart is a catch-all term for hacking groups known for their involvement in online credit card skimming attacks. They specialize in compromising the security of e-commerce websites and stealing payment card information from unsuspecting customers.
Magecart is not a single entity but a collective term describing hacking groups that use similar techniques. Each group may have varying levels of sophistication and target different types of websites.
Typical Magecart attack
- Initial compromise. The Magecart attackers gain unauthorized access to the targeted website’s infrastructure. They exploit vulnerabilities in the website’s code or third-party components, or take advantage of poor security practices. These weaknesses may involve outdated software or weak passwords.
- Skimming and data theft. Malicious code that the attackers inject into the website acts as a “skimmer.” It collects sensitive data entered by customers, such as credit card numbers, names, addresses, and CVV codes. The captured information is then sent to the attackers’ servers for further exploitation.
- Data exfiltration and fraud. Once the Magecart attackers have the payment card information, they can use it for various fraudulent activities. They may sell the data on the black market, clone the cards for unauthorized purchases, or commit identity theft and financial fraud.
Magecart attack examples
- British Airways. In 2018, Magecart attackers targeted the British Airways website, compromising the payment page. The malicious code injected into the website’s scripts captured customers’ payment card details as they made bookings, affecting around 380,000 transactions.
- Ticketmaster. Magecart attackers breached Ticketmaster’s online payment system in 2018. They gained access through a third-party chatbot on the website and injected malicious code. This compromised the personal and payment information of approximately 40,000 customers.
- Newegg. In 2018, Magecart attackers compromised the popular online electronics retailer Newegg by injecting malicious code into their payment page. This allowed them to steal payment card information from customers who made purchases on the website.
- Macy’s. Magecart attackers targeted Macy’s, a well-known retail giant, in 2019. They injected malicious code into its website to steal customer card information during checkout.
- Forbes. Magecart attackers compromised the Forbes.com website in 2019 by injecting malicious code into a third-party ad script. This led to the skimming of payment card data from visitors who accessed the website during the attack.
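The incidents above involve code injected into a site's own scripts or into third-party scripts (a chatbot, an ad script). The following defender-side audit of a checkout page's script tags is an added example, not part of the original article; the hosts, sample page, allowlist, finding names and the idea that the caller fetches the script bodies are all constructed assumptions.

```python
import base64
import hashlib
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse

def sri_sha384(body):  # Subresource Integrity (SRI) value of a script body
    return "sha384-" + base64.b64encode(hashlib.sha384(body).digest()).decode()

class ScriptCollector(HTMLParser):
    """Collects (src, integrity) for every external <script> tag."""
    def __init__(self):
        super().__init__()
        self.scripts = []
    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag == "script" and attrs.get("src"):
            self.scripts.append((attrs["src"], attrs.get("integrity")))

def audit_scripts(page_url, html, allowed_hosts, baseline, served):
    """Return sorted (url, finding) pairs for the page's external scripts.
    baseline: url -> SRI hash at last review; served: url -> bytes served now."""
    collector = ScriptCollector()
    collector.feed(html)
    page_host = urlparse(page_url).hostname
    findings = set()
    for src, integrity in collector.scripts:
        url = urljoin(page_url, src)
        host = urlparse(url).hostname
        if host != page_host:  # third-party code running on the payment page
            if host not in allowed_hosts:
                findings.add((url, "unlisted-host"))
            if not integrity:
                findings.add((url, "no-sri"))
        if url not in baseline:
            findings.add((url, "unreviewed"))
        elif url in served and sri_sha384(served[url]) != baseline[url]:
            findings.add((url, "changed"))  # differs from the reviewed copy
    return sorted(findings)

# Constructed sample data; hosts and script bodies are placeholders.
PAGE_URL = "https://shop.example/checkout"
PAGE_HTML = """<script src="/js/cart.js"></script>
<script src="https://chat.example/widget.js"></script>
<script src="https://cdn.example/ads.js" integrity="sha384-PLACEHOLDER"></script>"""
ALLOWED_HOSTS = {"chat.example"}
REVIEWED = {"https://shop.example/js/cart.js": b"submitOrder();",
            "https://chat.example/widget.js": b"openChat();"}
BASELINE = {u: sri_sha384(b) for u, b in REVIEWED.items()}
SERVED_NOW = {**REVIEWED, "https://shop.example/js/cart.js": b"submitOrder(); extra();"}
```

Calling `audit_scripts(PAGE_URL, PAGE_HTML, ALLOWED_HOSTS, BASELINE, SERVED_NOW)` reports the modified first-party script, the chat widget loaded without an integrity attribute, and the ad script from a host that was never reviewed.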