Magecart is an umbrella term for groups of cybercriminals and hackers who target e-commerce and other online shopping services to steal customer payment card information, credit card numbers and other personal information. Magecart got its name from the Magento shopping cart system - its popularity with some of the world’s leading e-commerce websites made it an attractive target for hackers. Attacks that exploit services like Magento to attack the websites using them are known as supply chain attacks. Magecart-type attacks are so widespread that the name is synonymous with any kind of credit card skimming or digital skimming attack.
Magecart uses card skimming code, code injections and other data exfiltration techniques to steal user data, including payment card details, from business websites.
Magecart skimmers have been detected on over two million global websites . The idea behind Magecart and similar attacks is to compromise a third-party piece of software on a retail website, like shopping carts, checkout pages or payment pages to steal customer data.
What makes Magecart so successful is that these attacks can go undetected for months or even years. All the malicious code is executed in the user’s browser - the ‘client-side’. It doesn’t impede the transaction in any way, so the customer carries on, the retailer receives their payment and no one detects the attack until it’s too late.
Magecart mainly targets e-commerce and other online shopping websites.
Magecart attackers are effective at exploiting unpublished zero-day vulnerabilities to attack online retailers and other websites. There are no patches for these vulnerabilities and, in most cases, website owners are unaware that the problem even exists.
Magecart is a type of formjacking - both exploit vulnerabilities in websites to steal data while it is being entered by end users.
Magecart refers to a global consortium of cybercriminal gangs, all acting independently but using similar techniques to launch credit card skimmers and other data theft attacks.
It’s never been more important to defend against Magecart and other client-side attacks.
Magecart is known to have been active from 2016. It grew from a single group injecting web skimmers on e-commerce sites but it wasn’t long before new groups appeared using different types of skimmers and adapting their malicious code injection techniques.
In 2018, it was listed on Wired Magazine’s Most Dangerous People on the Internet – the same year that a Magecart attack on British Airways’ website resulted in a massive data breach of over 565,000 credit cards at a cost of $230m in fines, the biggest GDPR fine to date. The threat is persistent: one-in-five Magecart-infected stores are re-infected within days. That’s because hackers often hide malicious code in multiple locations on a site, using backdoors, rogue admin accounts and reinfection mechanisms to regain a toehold after the business thinks the attackers have gone.
The global pandemic has driven an unprecedented increase in online transactions and e-commerce. By mid- April alone, US retailers’ online YoY revenue growth was up 68%, with a 146% growth in all online retail orders. As millions of people worldwide are affected by stay-at-home orders, we’re beginning to see a dramatic shift in consumer behavior towards everything-online. While many have observed that the digital disruption in commerce is inevitable, this crisis has accelerated that trend. To learn more about Magecart and other client side attack data, download our 2020 state of the web report.
Control Risk. Manage Trust.
Protect your website from client-side attacks with Tala Security. Tala prevents Magecart attacks by combining the power of standards-based security with patented analytics and automation to deliver rich insights into the code running on your website and safeguard it from attacks. Tala’s Web Application Runtime Protection (WARP) eliminates client-side vulnerabilities that lead to browser session attacks and data theft. Learn more about how Tala protects websites with WARP or view the solution brief.
Request a free website analysis to find out.