Magecart is an association of cybercriminal who targets online Magento shopping cart systems and steal customer payment card information. It is also known as a supply chain attack. The reason behind these attacks is to compromise the third party piece of software and get information about their clients. Shopping carts are attractive because they carry payment information of the customer and hackers get a ready-made card collection. All e-commerce sites use the shopping carts and they don’t vet the code which is used by the third-party pieces.
The use of magecart was started back in 2016 and still very fertile. Some of the magecart attacks of the last two years are Ticketmaster in January 2018, British airways in august 2018, NewEgg electronics in September 2018, shopper approved in September 2018, Topps sports collectible website in November 2018, Hundreds of college campus bookstores in April 2019 and Forbes magazine subcribers in May 2019.
How Magecart works
The magecart hacker after injecting malware on the website of the shopping cart gets a piece of javascript code which they use to gather information. The hackers have used around 40 different code-injections until now.
The cybercriminals upload code to a used GitHub project to host malware. The hacker takes ownership of the project by publishing a new version of the code that contains the malware. After injecting the code, the malware becomes active and takes over the website. Cybercriminal uses codes that are not scanned by security products and get away with compromised projects.
Magecart prevention methods
The cybercriminals use different techniques and technologies to implement and hide malware but there are various ways the owner can spot suspicious action. Magecart can be detected by some free website scanners and browser development tools.
Given below are a few techniques that can stop magecart and other supply chain attacks from your website.
- Identify all associated third-party e-commerce and online advertising vendors. Make sure they do self-assessment of their code and audits.
- Put into practice sub-resources integrity so that modified scripts are loaded with your permission.
- Inspect all the endpoint protection providers and make sure that they can stop magecart and supply chain.
- Make sure your company insurance policy covers magecart attacks.