Contact Contact Us

Magecart Skimmer Found in 201 Campus Online Stores

A threat group known as Mirrorthief was able to plant a payment card skimming script in 201 campus online stores after breaching the e-commerce platform provider, PrismRBS. The malicious JavaScript, designed to look like part of the Google Analytics service, was embedded in the PrismWeb platform and pushed down to all active deployments. It is unknown how many people were affected during the period when the skimmer was active from 14 – 26 April. In recent months, Magecart attacks have spread beyond Magento e-commerce platform to include other platforms such as OpenCart, OSCommerce, WooCommerce and Shopify. The skimmer script has also become more sophisticated and includes a polymorphic loader that works on most checkout pages and on any websites.

[1] Mirrorthief Group Uses Magecart Skimming Attack to Hit Hundreds of Campus Online Stores in US and Canada
[2] Not All Roads Lead to Magento: All Payment Platforms are Targets for Magecart
[3] Polymorphic Skimmer Targets 57 Payment Gateways

Ensign InfoSecurity Singapore
30A Kallang Place
Singapore 339213

Tel: +65 6788 2882
Fax: +65 6788 3883