U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Hackers Steal Data of 4.38 Million Aflac Japan Customers|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Hackers Steal Data of 4.38 Million Aflac Japan Customers|
Advertisement

Ad Placeholder

Full Width × 90

Breaking News

MageCart attack hit Australia bushfire Donors

A new MageCart attack made the headlines, crooks installed a software skimmer on a website that collects donations for the victims of the Australia bushfires. Experts from Malwarebytes have discovered a new Magecart attack that compromised a website collecting donations for the victims of the Australia bushfires. Crooks planted a malicious script on the website […]

australia bushfire donations

A new MageCart attack made the headlines, crooks installed a software skimmer on a website that collects donations for the victims of the Australia bushfires.

Experts from Malwarebytes have discovered a new Magecart attack that compromised a website collecting donations for the victims of the Australia bushfires.

Crooks planted a malicious script on the website that was designed to steal the payment information of the donors and send them to a domain under the control of the attackers.

The software skimmer named ATMZOW was planted in the checkout page and is executed when visitors of the site adds an item to their cart.

australia bushfire donations
Source Bleeping Computer

Stolen credit card data are sent to the vamberlo[.]com domain.

“Malwarebytes’ Jérôme Segura has told BleepingComputer that once they became aware of the compromised site they were able to get the vamberlo[.]com shut down.” states the post published by Bleeping Computer.

The malicious domain used by the attackers was shut down, this means that the software skimmer is not able to send the stolen credit card data to the attackers, but we cannot exclude that attackers could use a different domain. The only way to secure the website is to remove the software skimmer, but the malicious code has yet to be removed.

Malwarebytes attempted to contact the owner of the website without success.

Unfortunately, many other e-commerce sites were compromised with the ATMZOW skimmer. Querying the PublicWWW online service for the malicious skimmer we can find it on tens of websites.

Recently other MageCart attacks were reported by security experts, last week experts reported that the Magecart group has compromised the website of the photography and imaging retailer Focus Camera.

Two distinct MageCart groups have compromised multiple European websites for the Perricone MD anti-aging skin-care brand with the intent of stealing customer payment card info.

A few days ago I reported the news of two Magecart groups that planted software skimmers on Perricone MD websites in ItalyGermany, and the U.K..

[adrotate banner=”9″] [adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – MageCart attack, hacking)

[adrotate banner=”5″]

[adrotate banner=”13″]