Magecart

Posted: May 6, 2019

Magecart Description

Magecart is a label for multiple groups of threat actors who conduct 'sniffing' attacks that compromise vendors' websites for the sake of collecting their customers' credentials. These attacks occur at the time of purchase and may or may not show symptoms such as requests for more information. Updating software, remaining attentive during online purchasing and having anti-malware services present can help with preventing, detecting, and blocking Magecart skimmer attacks.

A Cartful of Robbery along the Digital Highway

While the cyber-security sector has a historical tendency of looking down on Web-sniffing campaigns, due to the low level of programming sophistication, skimming remains a viable hazard to Web shoppers around the world. The various groups of Black Hat entities responsible for launching these campaigns are being labeled loosely under the Magecart umbrella term. Unlike spyware or banking Trojans, Magecart collects their victims' information without infecting the user's computer.

Magecart campaigns employ families of Trojans, often using JavaScript and exploiting vulnerabilities in platforms like Magento, but not exclusively so. Some typical classes of threats in use include the ImageID JS-sniffer, the GetBilling JS-sniffer, the CoffeMokko JS-sniffer or the FakeCDN JS-sniffer. The threat actors may compromise either a third-party service, such as an advertising company like Adverline, for inserting Trojan skimmers into all of its affiliate vendors or target a specific vendor like the Australia's Puma. The object the insertion of corrupted code that remains hidden until a customer begins a transaction, at which point, it 'wakes up.'

From that point, Magecart attacks can intercept credentials like credit card numbers, encode them and transfer them to a C&C passively. However, they also have options not very different from those of the more sophisticated banking Trojans: modifying the customer's Web-browsing experience by inserting phishing requests for more details under the disguise of the transaction's requiring further authentication. Like most spyware, the only symptoms of Magecart's data-collecting attempts are present when the threat actors create them as a gamble for a bigger payout explicitly.

Keeping Your Cart Clean of Trojans

Magecart operations constitute a large body of separate threat actors' groups, not all of which behave identically to their fellows. As noted previously, some members, such as Magecart Groups 5 and 12, prefer compromising third-party ad suppliers, while others infect vendors' websites directly. While malware experts don't rate Trojan sniffers as being as threatening to most users as rootkits, RATs, or other, high-level threats, they do represent a significant privacy breach, regardless of their means of implementation.

Most Web-browsing security tools can provide various means of protecting your computer from a Magecart Trojan skimmer, including blacklisting Black Hat domains and auto-detecting corrupted scripts. Users can further help themselves by using script blockers for disabling Flash, JavaScript, and Java for sites that aren't safe, by watching for unusual interactions during the checkout process, and by watching their credit cards and bank accounts for unauthorized activity. Similar anti-malware solutions exist at the corporate level for disinfecting websites by removing Magecart Trojans.

Like any general-purpose label, Magecart applies to many Trojans and attacks, but with unification in their purpose. The common cause of every Trojan sniffer is getting online shoppers' information, and no one should take that for granted when they're handing out their credit card number.

Use SpyHunter to Detect and Remove PC Threats

If you are concerned that malware or PC threats similar to Magecart may have infected your computer, we recommend you start an in-depth system scan with SpyHunter. SpyHunter is an advanced malware protection and remediation application that offers subscribers a comprehensive method for protecting PCs from malware, in addition to providing one-on-one technical support service.

Download SpyHunter's Malware Scanner

Note: SpyHunter's free version is only for malware detection. If SpyHunter detects malware on your PC, you will need to purchase SpyHunter's malware tool to remove the malware threats. Learn more on SpyHunter. If you would like to uninstall SpyHunter for any reason, please follow these uninstall instructions. To learn more about our policies and practices, visit our EULA, Privacy Policy and Threat Assessment Criteria.

Why can't I open any program including SpyHunter? You may have a malware file running in memory that kills any programs that you try to launch on your PC. Tip: Download SpyHunter from a clean computer, copy it to a USB thumb drive, DVD or CD, then install it on the infected PC and run SpyHunter's malware scanner.

Use SpyHunter to Detect and Remove PC Threats

If you are concerned that malware or PC threats similar to Magecart may have infected your computer, we recommend you start an in-depth system scan with SpyHunter. SpyHunter is an advanced malware protection and remediation application that offers subscribers a comprehensive method for protecting PCs from malware, in addition to providing one-on-one technical support service.

Download SpyHunter's Malware Scanner

Note: SpyHunter's free version is only for malware detection. If SpyHunter detects malware on your PC, you will need to purchase SpyHunter's malware tool to remove the malware threats. Learn more on SpyHunter. If you would like to uninstall SpyHunter for any reason, please follow these uninstall instructions. To learn more about our policies and practices, visit our EULA, Privacy Policy and Threat Assessment Criteria.

Why can't I open any program including SpyHunter? You may have a malware file running in memory that kills any programs that you try to launch on your PC. Tip: Download SpyHunter from a clean computer, copy it to a USB thumb drive, DVD or CD, then install it on the infected PC and run SpyHunter's malware scanner.

Leave a Reply

Please note that we are not able to assist with billing and support issues regarding SpyHunter or other products. If you're having issues with SpyHunter, please get in touch with SpyHunter customer support through your SpyHunter. If you have SpyHunter billing questions, we recommend you check the Billing FAQ. For general suggestions or feedback, contact us.