Criminals have hijacked websites looking to raise money for the victims of the devastating Australia fires.
According to the Malwarebytes Threat Intelligence Team, cybercriminals have injected malicious script into donation sites to steal the payment information of donors.
This kind of attack is known as Magecart and it involves hackers compromising a website to inject malicious JavaScript code into a site's ecommerce or checkout pages. These scripts are used to steal credit card or payment information which is then sent to a remote site controlled by the attackers.
- Magecart hackers target popular poker software
- Macy's hit by customer data breach
- IoT devices now top priority for cybercriminals
While the attackers' intention was to target the site itself, unfortunately the donors as well as the victims of Australia's bushfires will end up paying the price.
Magecart attack
The Magecart attack targeting the donation website works by adding a malicious credit card skimmer script called ATMZOW into a user's cart at the site's checkout page. When they submit their payment information as part of the checkout process, the malicious script steals the submitted information and sends it to a domain controlled by the attackers.
According to Malwarebytes Jérôme Segura, the compromised site has now been shut down which means that donors will no longer have their payment information stolen. However, as the code is still active on the site, the attackers could modify it to use a new domain and begin collecting user's payment information once again.
Bad Packets Report's Troy Mursch used the PublicWWW tool to discover that the same script used by the attackers is currently active on 39 other websites.
Cybercriminals are constantly looking for new sites to target and unfortunately the donors trying to help victims of the Australian bushfires were caught in the crossfire.
- We've also highlighted the best antivirus software
Via BleepingComputer
