Comment: Magecart Skimmers Found Targeting Routers For Customer Wi-Fi Networks

By   ISBuzz Team
Writer , Information Security Buzz | Sep 26, 2019 05:09 am PST

Security researchers at IBM X-Force IRIS have found evidence of Magecart skimmers targeting commercial layer 7 (L7) routers to steal payment card details of users. Up until now, Magecart-specific code was only delivered at the website level, with web skimmers hiding the code inside PHP or JavaScript files. But researchers say they have found hackers designing and testing malicious scripts that they can inject onto L7 routers – potentially exposing guests connecting to Wi-Fi hotspots to payment data theft.


Full story here:

Notify of
1 Expert Comment
Oldest Most Voted
Inline Feedbacks
View all comments
Craig Young
Craig Young , Principal Security Researcher
September 26, 2019 1:10 pm

Injecting JavaScript payloads into the connections of unsuspecting hotel guests is a huge win for scammers looking to gain access to sensitive data or resources. In addition to being able to completely alter the look and behavior of unprotected sites, JavaScript can initiate functions which persist across network changes potentially giving attackers access to restricted networks. Consider for example someone using the WiFi from a hotel while on a business trip to a satellite office. JavaScript loaded from this hotel WiFi may actually remain executing (through WebWorkers or open tabs) the following morning when the same computer is connected to the corporate intranet. This JavaScript can now, to some extent, relay connections through the unsuspecting employee laptop and onto network resources.

Last edited 4 years ago by Craig Young

Recent Posts

Would love your thoughts, please comment.x