Magecart credit card skimmers typically target users through their web browser when shopping online but new research from Malwarebytes has discovered that cybercriminals were able to compromise poker software to do so as well.
Poker Tracker is a software suite used by online poker enthusiasts to improve their chances of winning by making decisions using statistics compiled from the gameplay of their opponents. Malwarebytes first began its investigation into Poker Tracker when its anti-malware blocked the software from connecting to a domain known to host credit card skimmers.
Upon closer inspection, though, the researchers found that the software can load and display web pages from PokerTracker's subdomain 'pt4.pokertracker.com'. The cybercriminals hacked both Poker Tracker's software and its website and injected them with malicious code that the software loaded every time it launched. As a result, the details of any payment made through the software or its website were also copied to the attacker.
The cybercriminals that compromised PokerTracker's website were able to do so because the site was running an outdated version of Drupal CMS. The site was running Drupal 6.3.x while the latest release is 8.6.17 and in that time, many known vulnerabilities have been patched.
However, Malwarebytes security researcher Jérôme Segura noted that it was unusual to see credit card skimmers targeting Drupal since they typically are found on ecommerce platforms with Magento being the most popular target.
The cybersecurity firm informed PokerTracker regarding the issue, and it has since been fixed, but Segura explained in a blog post that we should expect to find credit card skimmers in unexpected locations going forward, saying: