Author Topic: Hackers Inject Magecart Card Skimmer in Forbes’ Subscription Site  (Read 66 times)

Offline Antus67

  • Global Moderator
  • Hero Member
  • *****
  • Posts: 3847
    • View Profile
Author:  Sergiu Gatlan

Hackers injected the Forbes' subscription website with a Magecart script which collects payment card data customers introduce on the checkout page and exfiltrates it to a server controlled by the attackers.

As revealed by Bad Packets Report's co-founder Troy Mursch, the script collects card numbers, expiration dates, and credit card CVV/CVC verification codes, as well as customers' names, addresses, phone numbers and emails.

While the obfuscated Magecart script can still be found on the website, the domain used by the attackers to collect the stolen payment information has been taken down using Freenom's abuse API which makes it possible to take down malicious domains immediately.

The deobfuscated version of the Magecart script can be found HERE, with the script showing the exact payment data collected by the cybercriminals, as well as the address of the server where the skimmed info was being sent to.

full article here:
Windows Defender
VoodooShield 5.01
Trojan Remover