Magecart Group Goes After Commercial Router Users


Security researchers have spotted a new tactic being trialed by Magecart hackers: targeting commercial-grade routers to skim large volumes of card details.

Magecart is the generic name given to a number of groups using JavaScript code to covertly steal card details from users. The tried-and-tested technique used up until now involves injecting this code into a website’s payment page, either directly or through the compromise of a third-party provider.

However, according to IBM, Magecart Group 5 (MG5) is testing malicious code which could be injected into legitimate JavaScript loaded by Layer 7 routers.

These routers are typically used in venues such as airports, casinos and hotels to serve large numbers of users — theoretically giving the attackers a major haul of card details if they succeed.

“We believe that MG5 aims to find and infect web resources loaded by L7 routers with its malicious code, and possibly also inject malicious ads that captive users have to click on to eventually connect to the internet,” IBM said in its report.

“The compromise can therefore be two-fold: 1. Guest payment data can be stolen when they browse through a compromised router; 2. malicious content can be injected into web pages viewed by all connecting guest devices, including those who pay to use the internet and those connecting to hotels’ free Wi-Fi hot spots.”

IBM also claimed to have found evidence that MG5 had injected malicious digital skimming code into a popular open source mobile module which provides sliding features on devices. This kind of supply chain attack could result in spreading the code to all apps which unwittingly incorporate that module, in order to steal data en masse from users.

This is in keeping with MG5’s usual MO, which is to target larger numbers of victims by infecting third-party platforms, improving the ROI of attacks versus those such as the raids on BA and Newegg which targeted the website/e-commerce provider directly.
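A defender-side check for the tampering described above, whether a script is altered on its way through a router or inside a third-party module: compare the bytes a client receives against a digest pinned from a known-good copy, using the same `algorithm-base64digest` token format as Subresource Integrity. This is an added example, not code from IBM's report or the original article; the file name `slider.js`, its contents and all function names are constructed for illustration.

```python
import base64
import hashlib

# Supported digest algorithms, ranked so the strongest pinned one is enforced.
_STRENGTH = {"sha256": 1, "sha384": 2, "sha512": 3}


def sri_digest(body: bytes, alg: str = "sha384") -> str:
    """Return an integrity token such as 'sha384-<base64 digest>' for body."""
    raw = hashlib.new(alg, body).digest()
    return f"{alg}-{base64.b64encode(raw).decode('ascii')}"


def parse_integrity(value: str) -> dict:
    """Group the tokens of an integrity string by algorithm, skipping unknown ones."""
    by_alg = {}
    for token in value.split():
        alg, sep, rest = token.partition("-")
        digest = rest.split("?", 1)[0]  # drop an optional '?options' suffix
        if sep and alg in _STRENGTH and digest:
            by_alg.setdefault(alg, set()).add(digest)
    return by_alg


def matches_pin(body: bytes, integrity: str) -> bool:
    """True if body matches a digest of the strongest pinned algorithm."""
    pins = parse_integrity(integrity)
    if not pins:
        return False  # design choice for a monitor: no usable pin means fail closed
    strongest = max(pins, key=_STRENGTH.get)
    actual = sri_digest(body, strongest).split("-", 1)[1]
    return actual in pins[strongest]


def audit(pins: dict, fetched: dict) -> list:
    """Return names of fetched resources that no longer match their pin."""
    return sorted(name for name, body in fetched.items()
                  if not matches_pin(body, pins.get(name, "")))


# Constructed sample data: a known-good script and a copy with extra bytes appended.
GOOD = b"function slide(el){el.classList.toggle('open');}\n"
TAMPERED = GOOD + b"/* bytes not present in the pinned release */\n"
PINS = {"slider.js": sri_digest(GOOD, "sha256") + " " + sri_digest(GOOD, "sha384")}

if __name__ == "__main__":
    print("clean fetch    :", audit(PINS, {"slider.js": GOOD}))
    print("modified fetch :", audit(PINS, {"slider.js": TAMPERED}))
```

Run the audit from the network segment being checked, such as a guest Wi-Fi connection, so the bytes compared are the ones that actually passed through the router.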


All Rights Reserved - © Copyright 2020 - Vox Messenger (a Division of Kryotech Ltd.)