Security researchers detected and blocked over 65,000 attempts to steal credit card information from compromised online stores during the month of July.
In July, Malwarebytes found that the majority (53.5 percent) of stolen credit card details originated from shoppers located in the United States. Canadians were the second most prevalent group of victims at 15.7 percent of exposed information, followed by Germans at 6.8 percent. The Netherlands followed close behind with 6.4 percent of victims.
The security firm attributed this activity to Magecart, a collection of groups that have had a busy year using web skimmers to steal customers' credit card information. In January 2019, for instance, a criminal Magecart gang used a malicious script to successfully compromise hundreds of e-commerce websites. Two months later, researchers spotted Magecart actors using the same skimmer against two web-based suppliers as well as targeting visitors to the Forbes magazine subscription website with malicious code. These events came two months before researchers spotted Magecart individuals using spray-and-pray tactics to discover misconfigured Amazon S3 buckets and deploy their skimmers.
Traditionally, security companies have used credit card skimmer code to identify the groups behind these attacks. But that’s getting more difficult given the growing number of skimming kits for sale on underground web marketplaces as well as the exchange of code used to build new skimmers. Malwarebytes noted in its research that skimming tools are also becoming more difficult to detect in general:
Given the ongoing evolution of skimmers, organizations can contribute to the fight against Magecart actors by filing abuse reports with CERTs when specific sites suffer compromises. They should also use their available resources and cooperate with partners to help bring down these groups' criminal infrastructure. Meanwhile, consumers should choose carefully which platforms they share their credit card data with and maintain an updated anti-malware solution on their machines.