Security researchers detected and blocked over 65,000 attempts to steal credit card information from compromised online stores during the month of July. In July, Malwarebytes found that the majority (53.5 percent) of stolen credit card details originated from shoppers located in the United States. Canadians were the second most-prevalent group of victims at 15.7 percent of exposed information followed by Germans at 6.8 percent. The Netherlands followed close behind with 6.4 percent of victims.
Top 10 countries for Magecart activity in July (Source: Malwarebytes) The security firm attributed this activity to Magecart, a collection of groups which have had a busy year using web skimmers to steal customers credit card information. In January 2019, for instance, a criminal Magecart gang used a malicious script to successfully compromise hundreds of e-commerce websites. Two months later, researchers spotted Magecart actors using the same skimmer against two web-based suppliers as well as targeting visitors to the Forbes magazine subscription website with malicious code. These events came two months before researches spotted Magecart individuals using spray and pray tactics to discover misconfigured Amazon S3 buckets and deploy their skimmers. Traditionally, security companies have used credit card skimmer code to identify the groups behind these attacks. But that's getting more difficult given the growing number of skimming kits for sale on underground web marketplaces as well as the exchange of code used to build new skimmers. Malwarebytes noted in its research that skimming tools are also becoming more difficult to detect in general:
While some skimmers are simple and easily readable JavaScript code, more and more are using some form of obfuscation. This is an effort to thwart detection attempts, and it also serves to hide certain pieces of information, such as the gates (criminal-controlled servers) that are used to collect the stolen data.
Given the ongoing evolution of skimmers, organizations can contribute to the fight against Magecart actors by filing abuse reports with CERTs when specific sites suffer compromises. They should also use their available resources and cooperate with partners to help bring down these groups' criminal infrastructure. Meanwhile, consumers should carefully choose with which platforms to share their credit card data and maintain an updated anti-malware solution on their machines.
