Quote:Gangs using malicious JavaScript code to steal payment info target multiple online shopping platforms used by thousands of small stores; more advanced ones rely on tactics to remain undetected for a longer period.
 
Generically known as Magecart because the Magento payment platform is a frequent target, the web skimming scripts are injected on checkout pages and collect credit and debit card details when customers pay for an order.
 
Attackers typically make their way in by exploiting known vulnerabilities in these platforms, whose outdated versions often run on smaller stores. They often set sight on plugins that load on the checkout page.
 
In a report today, RiskIQ researcher Yonathan Klijnsma details a large-scale operation Magecart Group 12 led against OpenCart online stores. It used stealth tactics to keep its activity under the radar and pilfer as much payment info as possible.
 
According to RiskIQ telemetry data, OpenCart is in the top three most frequent shopping platforms worldwide, powering thousands of online stores, both large and small. It is surpassed only by Shopify and Magento.
"With the ubiquity of these platforms (especially with self-hosted solutions) it’s often exposed to vulnerabilities that make it a prime target for skimming attacks," says Klijnsma.