steven36 Posted February 26, 2020

For the past 30 months, an online printing platform with a cover store for well-known magazines has been constantly infected with malicious scripts that steal customer payment card data.

At least 18 skimmers or sniffers, scripts that copy credit card info at checkout, were identified since August 2017 on the Reprint Mint photo store that prints covers of ESPN sports magazine and of the American military publication Stars and Stripes.

MageCart sniffer overload

On some occasions, more than one skimmer was active at the same time, indicating that multiple attackers had compromised the site and were receiving the pilfered card info.

Sanguine Security, a company specialized in online store fraud protection, says that the first skimmer they noticed on Reprint Mint ran for a year and a half without drawing attention.

Things changed on February 1, 2019, when it was replaced by a different script, which sent the data to a file associated with the Inter sniffing kit, available on underground markets for $950. The collecting file was moved to various domains, most likely compromised for this purpose.

On August 1, 2019, a third skimmer with a different code and exfiltration domain stepped in and replaced the competition. By December, Sanguine researchers had seen six different scripts specifically designed to intercept payment card data. Most of the time, only one of them was active, except for the last two, which seemed to coexist.

New sniffers were planted starting January 23, 2020, with number five being a constant, regardless of the rivals swooping in. Sanguine Security informs that it was still present on Wednesday, despite multiple attempts to reach out to the printing platform.

BleepingComputer could confirm that the two scripts are active at the moment of writing.

Few crooks were caught

While Reprint Mint is a small shop, it shows that any eCommerce site can be a battlefield for MageCart operators.

Card-stealing malware will make its way on any site with security gaps that can be exploited, no matter the amount of card data that can be exfiltrated. The information is then sold on underground forums.

Skimmer operators are extremely active, compromising hundreds of thousands of websites. One such threat actor alone managed to infect more than 40 web stores since October 2019. Over a dozen groups play this game.

Until now, authorities caught only three MageCart hackers that are part of a larger group that infected at least 571 stores since 2017. They collected about 1,000 cards and user account logins every week and either sold it on underground forums or used it to buy goods.