cageymaru
Magecart Group 12 is suspected of compromising an ad agency that delivers advertising to eCommerce websites. By directly injecting payment skimming code into JavaScript libraries provided by French online advertising company Adverline to its eCommerce customers, the group enabled all websites embedded with the script to load the skimming code. Thus the group was able to steal payment information from consumers by infecting a third-party website. This allows the Magecart groups to expand their reach and pilfer more data. Once information is entered into a webpage's typing form, the script will copy the information, and it is stored until the victim closes the webpage. At that point, the information is sent to a remote server.
In Adverline's case, code was injected into a JavaScript library for retargeting advertising. It's an approach used by e-commerce websites where visitors are tagged so they can be delivered specific ads that could attract them back to the websites. At the time of our research, the websites embedded with Adverline's retargeting script loaded Magecart Group 12's skimming code, which, in turn, skims payment information entered on webpages then sends it to its remote server.