Online shopping has become the norm for many people, offering convenience and a wide variety of products at our fingertips. However, as technology evolves, so do cyber threats. Magecart, a notorious cybercrime group, has recently upped their game with a new method of stealing sensitive data. In this blog, we'll delve into the Magecart campaign's latest tactics, the Kritec skimmer, and what you should be aware of to protect your information when shopping online.
A New Level of Realism:
Magecart is known for targeting e-commerce websites and stealing customer details and payment information using online skimming techniques. The latest Magecart campaign has caught the attention of cybersecurity researchers due to its realistic-looking fake payment screens. By using original logos from compromised stores and customizing a web element called a modal, the skimmer appears more authentic than the original payment page.
The Kritec Skimmer:
The new skimmer, dubbed Kritec, has been observed on an unnamed Parisian travel accessory store running on the PrestaShop CMS. Once a credit card is selected as the payment option, the malicious modal is loaded, capturing payment card details. After harvesting the data, a fake error message is briefly displayed before redirecting the victim to the actual payment page. The payment then goes through, and a cookie is dropped to mark the session as completed.
Evasion Techniques:
The Kritec skimmer is both complex and heavily obfuscated. It has been found to impersonate legitimate third-party vendors like Google Tag Manager to evade detection. The threat actors behind the operation are using different domains to host the skimmer, with the skimmer script named in a similar way on each: "[name of store]-loader.js." This suggests that the attacks are targeting different online stores with custom modals.
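For store operators, the two traits above (a script posing as Google Tag Manager, and a "[name of store]-loader.js" file served from an unfamiliar domain) can be checked against the scripts a checkout page actually loads. The following is an added example, not code from the original research or from any vendor; the allowlist, the function name auditScripts and all hosts and store names are assumptions constructed for illustration.

```javascript
// Added example. Every host and store name here is constructed.
// Hosts the store operator has approved for script loading (assumption).
const ALLOWED_HOSTS = new Set(["shop.example", "www.googletagmanager.com"]);
// Host that serves the genuine Google Tag Manager loader.
const GTM_HOST = "www.googletagmanager.com";

// Returns one finding per script URL that deserves a manual look.
function auditScripts(scriptUrls, pageUrl) {
  const findings = [];
  for (const raw of scriptUrls) {
    let url;
    try {
      url = new URL(raw, pageUrl); // also resolves relative src values
    } catch {
      findings.push({ src: raw, reasons: ["unparseable URL"] });
      continue;
    }
    const file = url.pathname.split("/").pop().toLowerCase();
    const offList = !ALLOWED_HOSTS.has(url.hostname);
    const reasons = [];
    // Trait 1: "<store>-loader.js" served from a host nobody approved.
    if (offList && /-loader\.js$/.test(file)) {
      reasons.push("loader-named script from unapproved host");
    }
    // Trait 2: GTM-style naming on a host that is not Google's (heuristic).
    const label = (url.hostname + url.pathname).toLowerCase();
    if (/gtm|gtag|googletagmanager/.test(label) && url.hostname !== GTM_HOST) {
      reasons.push("Google Tag Manager look-alike");
    }
    if (offList && reasons.length === 0) reasons.push("unapproved host");
    if (reasons.length > 0) findings.push({ src: url.href, reasons });
  }
  return findings;
}

// Constructed sample: script URLs as collected from a checkout page.
const SAMPLE = [
  "https://shop.example/themes/core.js",
  "/modules/checkout.js",
  "https://www.googletagmanager.com/gtm.js?id=GTM-XXXXXXX",
  "https://assets.test/mystore-loader.js",
  "https://googletagmanager.analytics.test/gtm.js?id=GTM-XXXXXXX",
  "https://widgets.test/chat.js",
];
console.log(JSON.stringify(auditScripts(SAMPLE, "https://shop.example/checkout"), null, 2));
```

In a browser console the input list can be taken from `Array.from(document.scripts, s => s.src).filter(Boolean)`; inline scripts have no src and need separate review.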
Summary:
Magecart has taken a significant step forward in its tactics with the Kritec skimmer, creating fake payment screens that look even more genuine than the original. As online shoppers, we must remain vigilant and aware of the threats that lurk on the internet. Always ensure that you're shopping on trustworthy websites and be cautious when entering your payment information.
Key Terms and Explanations
Magecart: A term that refers to several cybercrime groups that employ online skimming techniques to steal personal data from websites, primarily e-commerce websites.
Skimmer: A piece of malicious code or hardware designed to steal sensitive data, such as payment card details, from users.
Modal: A web element used to display content over the main page, often used for forms, dialogs, and other interactive features.
Formjacking: A type of attack where cybercriminals insert malicious code into a website's form to siphon sensitive information from users.
Obfuscation: The practice of making code or data difficult to understand or interpret, often used by cybercriminals to conceal the true purpose of malicious code.
Have you ever encountered a suspicious-looking payment page while shopping online? If so, what tipped you off that something was amiss? Share your experiences in the comments section below!