Magecart Claims Fresh Victim in Electronics Kit Seller Kitronik


Magecart Claims Fresh Victim in Electronics Kit Seller Kitronik (Nov 2, 2018)

Electronic kit seller, Kitronik, disclosed that they are the most recent victim of the payment skimming threat group, "Magecart." The company released a statement that they suffered a data breach that impacts their online customers who utilised their site to purchase items between August 2018 and September 2018. Magecart's payment skimming malware was detected on their online checkout page following an investigation that was triggered by a notification from Kitronik's payment gateway provider regarding a higher than normal amount of fraud on their site. According to Kitronik, the data stolen by Magecart includes: bank card numbers, CVV numbers, email addresses, names, and post addresses. Customers who created accounts before August 2018 are believed to not have their addresses compromised because only details entered at the checkout stage on the site between those dates might have been stolen. How Magecart compromised the website is currently unclear.

Recommendation: Magecart has stepped up the frequency of their attacks in the past several months, which means eCommerce sites need to ensure that their sites are secure and cannot allow for JavaScript payment skimming scripts to be injected on their checkout sites. With the holiday season quickly approaching, there will be an exponential increase in online shoppers, meaning Magecart and others will be more active. eCommerce site owners must take every step necessary to secure their data and safeguard their payment card information. A bad experience at a retailer site may mean the loss of revenue as impacted users take their money elsewhere.

Indicators of Compromise (IOCs) associated with this story can be viewed by ThreatStream users here to identify potential malicious activity.