Hacking groups that make up Magecart are effective and persistent at stealing customer and payment card data through skimmers. Here’s how they work and what you can do to mitigate the risk.
Magecart definition
Magecart is a consortium of malicious hacker groups that target online shopping cart systems, usually the Magento system, to steal customer payment card information. This kind of compromise is known as a supply chain attack. The idea behind these attacks is to compromise a third-party piece of software from a value-added reseller (VAR) or systems integrator, or to infect an industrial process, without IT knowing about it.
Shopping carts are attractive targets because they collect payment information from customers: if your malware can tap into this data stream, you have a ready-made card collection tool. Almost all ecommerce sites that use shopping carts don’t properly vet the code that is used with these third-party pieces — a recipe for a ready-made hack.
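One way to start vetting that third-party code is to inventory every script a checkout page loads and flag the ones served from other hosts without a Subresource Integrity pin or outside an approved list. The following is an added example, not code from the original article; the host names, the allowlist and the sample page are constructed assumptions.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumptions (hypothetical): the shop's own host and its approved vendors.
FIRST_PARTY = "shop.example"
ALLOWED_HOSTS = {"js.payments.example"}

# Constructed sample checkout page; the integrity value is a placeholder.
SAMPLE_CHECKOUT = """<html><head>
<script src="/static/cart.js"></script>
<script src="https://js.payments.example/v3/pay.js"
        integrity="sha384-CONSTRUCTED-PLACEHOLDER" crossorigin="anonymous"></script>
<script src="https://js.payments.example/v3/ui.js"></script>
<script src="//cdn.widgets.example/chat.js"></script>
</head><body><form id="payment"></form></body></html>
"""

class ScriptInventory(HTMLParser):
    """Collect (src, integrity) for every external <script> tag."""
    def __init__(self):
        super().__init__()
        self.scripts = []

    def handle_starttag(self, tag, attrs):
        if tag == "script":
            a = dict(attrs)
            if a.get("src"):
                self.scripts.append((a["src"], a.get("integrity")))

def audit(html, first_party=FIRST_PARTY, allowed=ALLOWED_HOSTS):
    """Return (host, src, problem) findings for third-party scripts."""
    parser = ScriptInventory()
    parser.feed(html)
    findings = []
    for src, integrity in parser.scripts:
        # Relative URLs have no hostname and count as first-party.
        host = (urlparse(src).hostname or first_party).lower()
        if host == first_party:
            continue
        if host not in allowed:
            findings.append((host, src, "host not on allowlist"))
        if not (integrity or "").startswith(("sha256-", "sha384-", "sha512-")):
            findings.append((host, src, "no integrity pin"))
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_CHECKOUT):
        print(finding)
```

This only sees scripts present in the served HTML; scripts injected at runtime need a browser-side check such as Content Security Policy reporting.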
Magecart is known to have been active since 2016 and is still quite prolific. RiskIQ has found evidence of its exploits going back to 2010. RiskIQ was acquired by Microsoft in 2021 and folded into Microsoft’s own threat research. Unfortunately, much of the original research isn’t available, although this 2019 report gives a very comprehensive view of the malware’s activities. The malware group’s activities intensified in 2018, and researchers saw hourly alerts for websites being compromised by its skimmer code. That earned Magecart a spot on Wired magazine’s list of Most Dangerous People On The Internet In 2018.