Skip to main content

Magecart Hackers Compromise 80 More Online Transaction Websites (eCommerce Sites) to Steal Credit Cards.


Cybersecurity researchers have discovered over 80 Magecart compromised e-commerce websites that were actively sending credit card information of online shoppers to the attackers-controlled servers.

Operating their businesses in the United States, Canada, Europe, Latin America, and Asia, many of these compromised websites are reputable brands in the motorsports industry and high fashion, researchers at Aite Group and Arxan Technologies revealed today in a report shared with The Hacker News.

In a world that's growing increasingly digital, Magecart attacks have emerged as a key cybersecurity threat to e-commerce websites.

Magecart is an umbrella term given to different cybercriminal groups that are specialized in secretly implanting online credit card skimmers on compromised e-commerce websites with an intent to steal payment card details of their customers.


These virtual credit card skimmers, also known as formjacking attack, are basically JavaScript code that hackers secretly insert into a compromised website, often on the shopping cart page, designed to capture payment information of customers in real-time and send it to a remote attacker-controlled server.

Magecart is in the news a lot lately for conducting several high-profile heists against major companies including British Airways, Ticketmaster, Newegg, and others.

Flowchart Magecart Formjacking Attack

The newly disclosed campaign doesn't belong to a single group of Magecart hackers; instead, researchers used a source code search engine to search for obfuscated JavaScript on the Internet with malicious patterns that were previously seen in the Magecart's virtual credit card skimmers.

According to the researchers, the technique allowed them to quickly uncover more than 80 e-commerce websites compromised by Magecart groups, most of which were found running over outdated versions of Magento CMS that's vulnerable to an unauthenticated upload and remote code execution vulnerabilities.

"The absence of in-app protection, such as code obfuscation and tamper detection, makes web apps vulnerable to a type of cyberattack called formjacking," the researchers said.

"Many of the compromised sites are running version 1.5, 1.7, or 1.9. The arbitrary file upload, remote code execution, and cross-site request forgery vulnerabilities all affect Magento version 2.1.6 and below. While it can't be stated authoritatively that this is what led to the breach of these sites, these are vulnerable versions of Magento that allow adversaries to inject the formjacking code into the site."

Though the researchers have not named the compromised companies in its report, they worked with federal law enforcement to notify all affected organizations as well as off-site servers prior to publishing their report.


"Because this is an ongoing and active project, we have decided not to name the victim sites," the researchers told The Hacker News.

In addition, the researchers also analyzed Magecart's monetization activities and found that besides selling the stolen payment card data on the dark web forums, the attackers also purchase merchandise on legitimate online shopping sites and ship them to pre-selected merchandise mules in an attempt to launder the fraudulent transactions.

"To recruit merchandise mules, the attacker posts jobs that offer people the ability to work from home and earn large sums of money to receive and reship merchandise purchased with the stolen credit card numbers," the researchers say.

The mules then work with local shippers who receive under-the-table pay to send merchandise to the eastern European destinations, where it is sold to local buyers, eventually profiting attackers as a second line of revenue.


The researchers recommend e-commerce websites to, at foremost priority, update or patch their platform software to the latest version that protects them from known exploits.

Besides this, e-commerce websites should also implement code obfuscation and white-box cryptography to make the web forms unreadable to the adversary, as well as solutions to detect unauthorized modification of website files.

Online shoppers are also advised to regularly review their payment card details and bank statements for any unfamiliar activity. No matter how small unauthorized transaction you notice, you should always report it to your financial institutions immediately.







Comments

Post a Comment

Popular posts from this blog

More Than 100 Angry Youths Chased Maracha District Officials Out of Site Meeting Over Corruption.

📸: Some of the angry Youths displaying placards as others walked in to stop the ongoing meeting by Maracha District officials. Story by Osuta Yusuf. Maracha District. 3-February-2025. 📸: Kololo Public Seed Secondary School whose construction project has again stalled. Photo by Osuta Yusuf, Our News Reporter. The angry youths from Vurra Parish, Tara Sub-county in Maracha East constituency, Maracha District have on Monday 3-Feb-2025 chased the entire Maracha District officials out of a site meeting in Kololo Seed Secondary over allegations of corruption stemming from the stalled seed school construction project. Key Maracha District officials who went for the site meeting on Monday 3-Feb-2025 include, the Security department headed by the deputy RDC Koliba Monica Kotevu and Assistant RDC Collins Dramani, the LC5 Chairperson Hon Obitre Stephen together with his DEC Councilors, the accounting  / technical department headed by the CAO Mr Olila Patrick, the Engi...
Post a Comment
Read more

Ambassador Angualia Richard Perished in a Fatal Accident.

Story by Osuta Yusuf. Arua City. 29-7-2025. 📸: Portrait of Ambassador Angualia Richard. Courtesy Photo. Former Uganda's Ambassador to Egypt, Ambassador Angualia Louis Richard has been reported dead this evening 5pm 28-7-2025 after he was involved in a head-on collision accident with another motorcycle rider near Abi Farm, Ayivu East Constituency in Arua City. 📸: Photos from the scene of the Accident. Courtesy Photos. He met his death this evening while riding on a Bajaj Motorcycle. Amb. Angualia, who contested in 2011 for Maracha County but lost to Hon Alex Onzima Adrooa. In 2016 when two Constituencies were created in Maracha District, carving Maracha Constituency and Maracha East constituency, Ambassador Angualia contested for Maracha Constituency MP position in 2016 but lost to Hon Oguzu Lee Denis. Ambassador Angualia later shifted to contest in Maracha East Constituency but again lost to Hon Ruth Lematia Molly Ondoru during the 4-September-2020...
1 comment
Read more

Lab Student Drowned, Body Missing in Rokoze Lake in Nyadri Sub-county, Maracha District.

Maracha District.  5-December-2025. 📸: Residents gathered around the lake as they searched the missing body of the student. Photo by #Information_is_Power's news reporter.  This afternoon Friday 5-December-2025, a student from St Joseph Laboratory Training School in Maracha hospital, a one  Araku Denis drowned in Rokoze water body in Nyadri Sub-county and the  body has not been retrieved upto this night as the police and residents searched for it and in vain but they are expected to resume retrieving it tomorrow Saturday 6-December-2025. 📸: Photo of the deceased which we captured on his phone screen this night. Araku and his fellow students had  reportedly gone to pass time at water point after completing exams papers of today. Him and callagues got attracted to swimming at water body where he perished.  By press time, efforts to retrieve his body proved futile as the body remains invisible on water surface.  Rokoze water body...
Post a Comment
Read more