Magecart Targets OpenCart Websites' Payment Information

OpenCart-based online stores are now being targeted by the Magecart group, a notorious group known for performing credit card skimming attacks.

The latest string of attacks from the group came to light when Yonathan Klijnsma of RiskIQ reported finding Magecart Group 12 skimmers on OpenCart sites, similar to the ones used to target Magento-based sites. According to the report, the skimmers used the domain name ‘batbing[.]com’ in the exploits.

Klijnsma observed that Group 12 used JavaScript code known as a ‘pre-filter’ to decide whether to inject skimmers on a site. The script searched for the word ‘checkout’ in the URL visited by shoppers and, if it was found, inserted the skimmer. The credit card information entered by users would then be stolen.

A replica of Bing's search engine script was also found on the checkout page.

Earlier, a French advertising company named Adverline was a victim of the group's multiple credit card skimming attacks. Apart from that, the group has also compromised numerous e-commerce sites running on Magento, OpenCart, and OSCommerce, as well as several WordPress sites. Their attacks are carried out by injecting skimming code into JavaScript libraries used on these sites. Unpatched platforms are a major issue.

“Major online stores running these platforms are usually victimized when a platform-wide vulnerability comes out that requires immediate patching. But the majority of outdated platforms run on smaller, mostly unknown stores. Attackers target plugins installed on these platforms, which are often vulnerable because their developers write code for functionality over security,” Klijnsma wrote on his blog explaining the reason for the attack.
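For store operators, the Bing-lookalike domain described above suggests a simple check: list every external script host on the checkout page and flag any that is off the allowlist or imitates a known brand. The following is an added example, not code from RiskIQ or the article; the store hostnames, the brand list and the sample HTML are assumptions constructed for illustration.

```javascript
// Added example: audit <script src> hosts found in a saved copy of a checkout page.
const ALLOWED_HOSTS = new Set(['shop.example', 'cdn.shop.example']); // assumption: the store's own hosts
const BRAND_DOMAINS = ['bing.com'];                // assumption: brands a skimmer domain may imitate
const PAGE_BASE = 'https://shop.example/checkout'; // assumption: URL the HTML was saved from
const IOC = 'batbing[.]com';                       // domain named in the article, kept defanged
const refang = (s) => s.replace(/\[\.\]/g, '.');

// Collect the hostname of every <script src=...>; relative paths resolve against the page URL.
// A regex is a simplification here; a production audit would walk the rendered DOM.
function scriptHosts(html) {
  const hosts = new Set();
  const re = /<script\b[^>]*\bsrc\s*=\s*["']([^"']+)["']/gi;
  let m;
  while ((m = re.exec(html)) !== null) {
    try {
      hosts.add(new URL(m[1], PAGE_BASE).hostname.toLowerCase());
    } catch {
      hosts.add('unparsable:' + m[1]); // keep malformed sources visible to the reviewer
    }
  }
  return [...hosts];
}

// Return the real brand domain if `host` contains the brand name but is not that domain.
function lookalikeOf(host) {
  for (const real of BRAND_DOMAINS) {
    const label = real.split('.')[0];
    const isReal = host === real || host.endsWith('.' + real);
    if (!isReal && host.includes(label)) return real;
  }
  return null;
}

// Report every script host that is not allowlisted, with the reason it was flagged.
function auditScripts(html) {
  return scriptHosts(html)
    .filter((h) => !ALLOWED_HOSTS.has(h))
    .map((h) => {
      const brand = lookalikeOf(h);
      return { host: h, reason: brand ? `lookalike of ${brand}` : 'not on allowlist' };
    });
}

// Constructed sample page (not captured from a real site).
const SAMPLE_HTML = `<script src="/js/common.js"></script>
<script src="https://cdn.shop.example/lib.min.js"></script>
<script src="https://www.bing.com/constructed.js"></script>
<script src="https://${refang(IOC)}/constructed.js"></script>`;
console.log(auditScripts(SAMPLE_HTML));
```

Because the pre-filter only injects the skimmer on URLs containing ‘checkout’, the audit has to be run against the checkout page as a shopper's browser renders it, not against the home page.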