Credit Card Stealiing Magecart Malware Infects Feedify Service

Discussion in '[H]ard|OCP Front Page News' started by cageymaru, Sep 12, 2018.

  1. cageymaru

    cageymaru [H]ard|News

    Messages:
    18,649
    Joined:
    Apr 10, 2003
    Security researchers Placebo and Kevin Beaumont have discovered a Magecart malware infection in the Feedify JavaScript library used by thousands of eCommerce websites. Feedify is customer engagement tool that boasts of reaching 1 billion devices worldwide and the Magecart malware steals credit cards. According to Bleeping Computer, another security researcher, RiskIQ's own Yonathan Klijnsma verified that the Feedify stream is still infected. RiskIQ alleges that the Magecart group is responsible for the Ticketmaster and British Airways hacks.

    In order to use the Feedify service, e-commerce sites need to add a Feedify JavaScript script to their site. If the Feedify script is compromised with MageCart, any visitors who go to e-commerce site that uses the Feedify script will also load the malicious code.
     
  2. BSmith

    BSmith [H]ard|Gawd

    Messages:
    1,095
    Joined:
    Nov 9, 2017
    It's just not safe out there anymore!
     
  3. Dead Parrot

    Dead Parrot [H]ard|Gawd

    Messages:
    1,906
    Joined:
    Mar 4, 2013
    Gee, what can go wrong with allowing a 3rd party ad company to spy on credit card transactions? Have to wonder how these eCommerce sites are allowed to connect to the credit card networks while running this crap. Seems a definite violation of basic PCI security standards.
     
    PaulP likes this.
  4. nutzo

    nutzo [H]ardness Supreme

    Messages:
    6,969
    Joined:
    Feb 15, 2004
    This is why I have a separate credit card I use when I make purchases on small, questionable company web sites.

    Need at least 5 cards.

    1 main credit card for most purchases
    2nd card for ongoing payments like cable, trash, and any other utilities that don't charge extra.
    3rd card as a backup and for questionable web sites (not a big deal if it's compromised since usually doesn't have any other charges on it)

    Amazon card for Amazon (5% off with prime)
    Target card for Target (5% off)

    Wife is on the main card, but also has a couple of her own cards to maintain her credit rating.

    Always pay the cards in full, so no interest or yearly fees. Plus I get between 1% and 5% back on every purchase, and a 20-30 day float on the money.
     
  5. capt_cope

    capt_cope Gawd

    Messages:
    720
    Joined:
    Apr 12, 2009
    You forgot the penfed card (5% off all gas purchases and 3% off all grocery store purchases with no upper limit.)
     
  6. Dekoth-E-

    Dekoth-E- [H]ardness Supreme

    Messages:
    7,295
    Joined:
    Mar 23, 2010
    Reloadable card for all online purchases. Load it as you need it. Problems solved. Get an Amex bluebird or a 5th 3rd bank or both and you can shop basically anywhere. Takes seconds to transfer money from your account to one on your phone and if it ever gets compromised..It literally cannot be charged anything not on it. I 100% quit using my regular credit or debit cards for pretty much everything online years ago.
     
  7. pek

    pek prairie dog

    Messages:
    553
    Joined:
    Nov 7, 2005
    BoA has "shop safe" you can create a new card number when you want. It's tied to one of your cc accounts, but you can make a new cc for just the amount you want, with an expiration date you want. If you have recurring charges, create one for recurring charges (different from the basic cc). And, if you use one as one of your regular payment methods, you can 'reload' it by adding to the spending limit when you want.