Secplicity – Security Simplified

What Macy’s Payment System Breach Means To You


As reported by TechRadar, hackers related to MageCart compromised Macy’s online payment system early last month. MageCart is a loose group of hackers around the world who primarily compromise Magento payment systems. By inserting malicious code into Macy’s online payment page, they captured all the payment card information needed to compromise users’ credit cards. The data they captured included first names, last names, addresses, cities, states, zip codes, payment card numbers, payment card security codes and card expiration dates. Additionally, the malicious script compromised phone numbers and email addresses from the victims’ accounts.

Macy’s security team found the malicious code on their website on October 15. They promptly removed the code, but it had already been running for at least a week on the ‘Checkout’ and ‘My Wallet’ pages. If a customer submitted any payment information on those pages between October 7th and 15th, the malicious script captured the payment details and sent them to MageCart’s remote server.

MageCart compromises payment pages through exploits in the web page or by interfering in the production line that produces the website’s code. In the past, they compromised the code repository where the source code is stored and inserted their own code. If the web server updates its code automatically, the malicious code hosted in the repository is then applied to the website.

If you run a website that handles payment information, make sure you frequently audit all code updates to the site. The malicious code these attackers use usually comes in the form of obfuscated JavaScript. On the other side, website users don’t have a lot to go on unless they inspect the website’s code or the malicious script breaks the payment form. Users can also inspect DNS traffic for connections to malicious domains. WatchGuard customers with TotalSecurity are safe since DNSWatch does this automatically. This will help keep your data safe in cases where attackers use a domain name to host their malicious code.
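One way to automate the code audit recommended above, as an added example that is not from the original article: a Node.js check that compares the `<script>` tags on a payment page with the last reviewed version and reports anything new. The page contents and the `shop.example`, `payments.example` and `cdn-stats.example` hosts are constructed for illustration.

```javascript
const crypto = require('crypto');

// Hypothetical origin of the audited page; relative script URLs resolve against it.
const PAGE_ORIGIN = 'https://shop.example';

const sha256 = (text) => crypto.createHash('sha256').update(text, 'utf8').digest('hex');

// Return every <script> on the page as either an external host or an inline-body hash.
function extractScripts(html) {
  const scripts = [];
  const tagRe = /<script\b([^>]*)>([\s\S]*?)<\/script\s*>/gi;
  for (const [, attrs, body] of html.matchAll(tagRe)) {
    const src = /\bsrc\s*=\s*["']([^"']+)["']/i.exec(attrs);
    if (src) scripts.push({ kind: 'external', id: new URL(src[1], PAGE_ORIGIN).host });
    else if (body.trim()) scripts.push({ kind: 'inline', id: sha256(body.trim()) });
  }
  return scripts;
}

// Report scripts on the current page that were not on the reviewed page.
function auditPage(approvedHtml, currentHtml) {
  const known = new Set(extractScripts(approvedHtml).map((s) => `${s.kind}:${s.id}`));
  return extractScripts(currentHtml).filter((s) => !known.has(`${s.kind}:${s.id}`));
}

// Constructed sample: the checkout page as last reviewed and approved.
const APPROVED = `
<script src="/static/checkout.js"></script>
<script src="https://payments.example/sdk.js"></script>
<script>window.cartId = "demo";</script>`;

// Constructed sample: the same page after an unreviewed change added two scripts.
const CURRENT = APPROVED + `
<script src="https://cdn-stats.example/a.js"></script>
<script>var _0x1f = function () { /* unreviewed inline code */ };</script>`;

const findings = auditPage(APPROVED, CURRENT);
for (const f of findings) console.log(`UNREVIEWED ${f.kind} script: ${f.id}`);
```

This comparison only sees changes to the script tags in the served HTML. An external file modified in place keeps the same host, so the files themselves need to be hashed against the reviewed copies as well.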
