- Researchers found skimmers on nine websites, and four of them still have the snippet running.
- The actor behind this new scheme seems to be “MageCart Group 12,” coming from Russian infrastructure.
- If you have shopped from the nine platforms recently, you should start monitoring your bank account closely.
- “Suplementos Gym” - notified on January 31 and again on February 7, skimmer eventually removed;
- “Bahimi Swimwear” - infected in November 2019, skimmer removed on February 7;
- “TitansSports” - notified in early January and removed the skimmer;
- “BVC” - infected on February 3, skimmer still present;
- “MyMetroGear” - notified on February 4, skimmer still present;
- “True Precision” - notified on February 4, skimmer still present;
- “Fashion Windows Treatments” - notified on February 6, skimmer still present;
- “Skin Trends” - notified on February 6, skimmer removed;
- “Natonic” - responded immediately and removed the skimmer;
That said, if you bought something from the above websites recently, you might have had your payment data stolen by Russian hackers. To mitigate the risks of being burdened by fraudulent transactions, you should monitor your bank account and credit card activity, and report anything suspicious to your card issuer immediately. If you do that in time, the bank will reverse the transactions, and you won’t have to cover the associated expenses. For those who can’t afford to take any risks, there’s always the option of freezing your account.
The skimmer was hosted on “toplevelstatic.com,” and the script is the same one that was recently used by “MageCart Group 12,” one of the most active and prolific actors in the field. The e-commerce platform administrators should have acted more responsibly, keeping their website code clean and up to date. Still, instead, they have failed to address the problem even after researchers pointed it to them. Magecart skimmers are on the rise, so if you don’t trust websites, you may at least use a trusty internet security suite that would detect these malicious snippets while you browse the net. Other than that, choose electronic payment methods instead of paying with your card. You can also shop from bigger and more reputable stores, as they pay greater attention to their security.