Just days after the British Airways breach which exposed almost 400,000 payment card information, the hack group was also recognized as behind the hacking of two additional victims this week – Feedify and Groopdealz.
The hack of Feedify was disclosed after a Twitter user named “Placebo” posted Tuesday that Magecart was seen attacking the Feedify platform. CyberSecurity Researchers Yonathan Klijnsmaand and Kevin Beaumontboth confirmed the hack on Twitter. According to them, the platform has been victimized by Magecart since August 17th, and the bad code popped up again after being shut down multiple times – which suggests that the campaign is still ongoing.
The threat actor embedded malicious code into a Feedify-hosted JavaScript library. When a visitor goes to that website, the Magecart group’s malware will then collect data entered on the site – such as personal details and payment card information. According to Feedify, approximately 4,000 websites are currently using its code.
Klijnsmaand said that the Magecart skimmer impacted boutique deals company Groopdealz, a fashion and decor website that he said has been hacked since August 5th. “That’s more than a month now,” he said in a Tweet. “Script was manually embedded on the server, the website already used a legitimate jQuery script from a normal trusted CDN.”
Fresh from the British Airways breach last week, cybersecurity researchers at RiskIQ released findings which shows that the Magecart group added malicious scripts on the baggage claim information page of the British Airways’ website – which then collectively acquired data from visitors and sent it back to the hackers’ server.
Magecart is known for its use of web-based digital card skimmers since 2016, which uses malicious scripts injected into websites to unknowingly retrieve data that’s entered into online payment forms on business websites directly or through compromised third-party suppliers used by these sites.
“Magecart has been running a campaign very similar to what happened to British Airways, since 2017.” Klijnsmaand said. “They’ve been setting up infrastructure to mimic victims or they would simply mimic ad or analytics providers to blend in. The British Airways attack was just an extension of that attack in our eyes.”
Magecart, has been in operation since 2015, and has been acknowledged for an array of recent hacking incidents, including one of the most prolific card-stealing operations to date, as well as a massive breach of Ticketmaster early this year.
This just shows that this group is not done yet.
