Everlast, the renowned American boxing equipment brand, recently fell victim to a brazen cyberattack orchestrated by a cybergang associated with the world’s biggest online bank heist. The attackers infiltrated Everlast’s online shop, discreetly capturing credit card data during the checkout process. Shockingly, this vulnerability remains active as events continue to unfold.
Investigation Exposes Sophisticated Attack Techniques, Magecart Group 4 Implicated
The malware responsible for the breach was uncovered by security researcher Darius Povilaitis and further investigated by the Cybernews research team, led by Mantas Sasnauskas and Vincentas Baubonis. The attack comprises two steps, starting with the injection of code that calls out to a remote URL within the everlast.com source code.
Notably, the malicious payload was detected in bootstrap.js, a JavaScript code hosted on cardkaze.com, a potentially compromised or intentionally deceptive website. Remarkably, the hackers’ tactics include exploiting vulnerabilities from an outdated WordPress version or its plugins, allowing them to plant a trojan skimmer on the website.
The trojan skimmer is loaded throughout the payment checkout process, acting as a banking trojan to monitor users’ online activities and intercept credit card data. This sensitive information is surreptitiously sent to a Telegram channel under the attackers’ control, cleverly bypassing automated detection through obfuscation and encryption.
The attackers have adopted a no-infrastructure approach, executing the malicious payload on hacked sites. The encrypted data is instantly delivered to a private group of criminals for illicit use in financial fraud. Alarmingly, only four out of 59 security vendors currently flag the file as malicious, underscoring the cybercriminals’ sophistication.
Researchers have traced the public key used for encryption to Magecart Group 4, a notorious hacking group connected to the Cobalt Group, known for its involvement in Carbanak’s financially-motivated intrusions targeting ATM systems, card processing, and SWIFT systems. The same group has also been linked to the largest online bank heist in history.
Summary
Everlast, the esteemed American boxing equipment brand, is grappling with a high-profile cyberattack orchestrated by a cybercriminal gang tied to the world’s most significant online bank heist. The attackers successfully infiltrated Everlast’s online shop and stealthily skimmed customers’ credit card data during the checkout process, remaining undetected for at least three weeks.
Security researchers discovered a trojan skimmer loader on everlast.com, indicating an ongoing vulnerability that could continue to endanger customers’ sensitive information. The attack was attributed to Magecart Group 4, a notorious hacking group with links to the Cobalt Group, known for its involvement in extensive financial cybercrimes.
Everlast’s monthly visitor count of 282.5K mainly comprises customers from the US and the UK, presenting a significant pool of potential victims. As the cybersecurity experts continue their investigation, Everlast customers who have used the website recently must take immediate action to safeguard their financial data. Affected customers should promptly notify their banks or credit card companies, consider blocking the card, and monitor their account statements for unauthorized transactions.
In response to the cybersecurity incident, Everlast must identify the source of the skimming code, implement tighter security measures, and update its systems regularly. Immediate action is essential to protect customers from potential financial fraud and other social engineering attempts following the data breach.
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.