Magecart Skimming Attack Targets Mobile Users of Hotel Chain Booking Websites


#1

Magecart Skimming Attack Targets Mobile Users of Hotel Chain Booking Websites (Sep 18, 2019)

A new series of “Magecart” skimming attacks have been discovered, targeting two undisclosed chain hotel booking websites. The websites affected were developed by Roomleader, a Spanish company that helps hotels build booking websites. According to researchers at TrendMicro, the attack is significant, given that the two brands have a combined 180 hotels across 14 countries. The malicious code was injected into the script of Roomleader’s “viewedHotels” module, which is used for saving the viewed hotel information in the visitor’s browser cookies. When the injected code detects the booking page, it will load another JavaScript from the URL where the card skimmer code is located. The skimmer hooks its function when a victim hits “submit” in a payment or booking, and then gathers information including credit card details, email addresses, names, and telephone numbers. Roomleader has been notified by TrendMicro regarding these attacks.

Recommendation: Websites require constant maintenance and upkeep in order to adapt to the latest threats. In addition to keeping software up to date, it is essential that all external facing assets are monitored and scanned for vulnerabilities.

Indicators of Compromise (IOCs) associated with this story can be viewed by ThreatStream users here to identify potential malicious activity.