Magecart gang uses authentic-looking fake payment screens to steal user data

Researchers have been looking at an ongoing Magecart effort that uses authentic-looking fraudulent payment windows to steal personal data from unwary customers. The threat actor behind the effort hijacked the checkout page using actual logos from the hacked shop and altered a web element known as a modal, making the skimmer appear more authentic than the original payment page.

Magecart refers to a gang of cybercriminals who employ skimming tactics to steal consumer information and payment information from e-commerce websites. The term “Magecart” came from the group’s original focus on the Magento platform. According to Sansec statistics, the first Magecart-like assaults were discovered in 2010.

As an evasion method, the current incarnation of the campaign includes the injection of a skimmer called Kritec, which impersonates respectable third-party providers like Google Tag Manager.

The skimmer is both complicated and deeply disguised, and it is activated when a credit card is selected as a payment method on the hijacked website. Once the payment card information is obtained, the victim is shown a bogus error message about payment cancellation before being redirected to the actual payment page, and the payment is processed.

The sources for this piece include an article in TheHackerNews.

IT World Canada Staff
IT World Canada Staff
The online resource for Canadian Information Technology professionals.

Would you recommend this article?


Thanks for taking the time to let us know what you think of this article!
We'd love to hear your opinion about this or any other story you read in our publication.

Jim Love, Chief Content Officer, IT World Canada

Featured Download

ITW in your inbox

Our experienced team of journalists and bloggers bring you engaging in-depth interviews, videos and content targeted to IT professionals and line-of-business executives.

More Best of The Web