Card Skimming Hack Targets 201 Campus Stores in North America (May 6, 2019)
Trend Micro researchers have identified a threat group, dubbed “Mirrorthief” utilizing card skimming techniques used by the financially-motivated threat groups referred to as “Magecart,” to steal payment card information from college campus online stores. Researchers found that Mirrorthief conducted their payment card theft on April 14 by targeting said college/university stores located in Canada and the United States. Injecting scripts into the checkout pages of the sites, the attackers were able to steal addresses, card details, names, and phone numbers. PrismRBS, who developed the checkout pages, learned of the attack on April 26, and subsequently contacted customers, law enforcement and card providers.
Recommendation: eCommerce site owners must take every step necessary to secure their data and safeguard their payment card information. A bad experience at a retailer site may mean the loss of revenue as impacted users take their money elsewhere. Potential victims have been contacted, however the user can contact their bank to ensure no unauthorized payments have been made.
Indicators of Compromise (IOCs) associated with this story can be viewed by ThreatStream users here to identify potential malicious activity.