The attack affected Shopper Approved costumers and developers
The malicious hacker group known as Magecart has attacked again, this time the victim is Shopper Approved, a third-party software that provides qualification stamps for online stores. According to experts in digital forensics, as a result of the attack, payment information from multiple online stores could be compromised.
This is the most recent security incident related to this malicious group, after Magecart has been also linked with massive data thefts to organizations such as Ticketmaster and the British Airways airline.
“As in the Ticketmaster incident, this attack did not directly affect a single store”, the digital forensics experts mentioned in their data theft report. “Instead, Magecart attempted to hide payment information from several online stores at once by engaging a widely used third-party service.”
Magecart, which operates from 2015, has been linked to recent security violations. The group primarily uses injected scripts into websites to steal data that is entered into online payment forms on ecommerce websites. This can be done directly, or through compromised third-party vendors, as is the case of Shopper Approved. This attack a digital variant of traditional card theft through skimmers, which are hidden devices in cashiers’ card readers and machines alike.
On September 15th, digital forensics experts who have followed the tracks behind Magecart’s attacks said they received a notification that the script used by the group to steal card data had been discovered once again in a web domain, which could be confirmed shortly thereafter.
The skimmer was added to a script that normally guarantees the functionality to obtain the approved site stamp provided by Shopper Approval. It remained active between September 15th and 17th, the day the site administrators found it.
Although the experts in digital forensics did not disclose the names of the companies concerned, they did reveal that they are more than 7k affected Shopper Approval’s clients.
One of Shopper Approved’s spokesperson mentioned in a statement that the company initiated an internal investigation and took steps to remedy the problem immediately after the company discovered the security Incident.
Digital forensic experts from the International Institute of Cyber Security consider these attacks to be stronger as the group learns to be more effective. For example, while attacks were being carried out against vendors, subsequent attacks targeted services that provide functionality to ecommerce websites to increase their scope.