Tupperware Site Hacked by Digital Skimming Gang

Tupperware Site Hacked by Digital Skimming Gang

Originally Published on this site

Tupperware Site Hacked by Digital Skimming Gang

Tupperware Site Hacked by Digital Skimming Gang 1

Household brand Tupperware has had several websites compromised by digital skimming code, potentially exposing a million monthly visitors, according to Malwarebytes.

The security vendor discovered a targeted attack aimed at the company’s main dot com site and several localized versions last week.

To harvest Tupperware customers’ card details, the hackers inserted a fake iframe in the site’s checkout page to mimic a real payment form. On further discovery it was found to be loading content from deskofhelp[.]com, a domain registered just days earlier, on March 9, buy a .ru email address.

The same domain is also hosted on a server alongside multiple phishing domains, explained director of threat intelligence, Jérôme Segura.

“The criminals devised their skimmer attack so that shoppers first enter their data into the rogue iframe and are then immediately shown an error, disguised as a session time-out,” he added.

“This allows the threat actors to reload the page with the legitimate payment form. Victims will enter their information a second time, but by then, the data theft has already happened.”

The fraudulent payment form itself was activated by malicious code hidden inside a PNG file, a technique known as steganography. It’s unclear exactly how Tupperware was first hacked to insert the malicious image, but Segura claimed it may have been running an outdated version of the Magento e-commerce platform.

However, the group behind the attack isn’t as polished as many others carrying out Magecart-like attacks. For one, they forgot to localize the iframe, so that on foreign language versions of the site, the fake payment page still appeared in English.

Segura claimed that digital skimming attacks are likely to be ramping up now as online orders come flooding in from shoppers kept at home by COVID-19.

Although Tupperware did not respond to Malwarebytes’s emails, phone calls and social media messages, the PNG file and malicious JavaScript was removed as of Wednesday.

Leave a comment

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Vox Messenger Logo - 512x512

End-2-End Encrypted. Secure. Ad-Free.
Lightweight and Faster than the Competition.

Vox Messenger is an ad-free, secure and end-2-end encrypted alternative to other popular chat messenger apps.

Available for Free. Whitelabel Corporate Edition Available on Request.

Vox Messenger {Secure} - Communicate safely with our private and secure messaging app | Product Hunt Embed

All Rights Reserved - © Copyright 2020 - Vox Messenger (a Division of Kryotech Ltd.)