As reported by Bleeping Computer, in just a few weeks, the security researcher Max Kersten collected over 1,000 domains with payment card skimmers. It exposes the reality that MageCart is still a prevalent threat that targets unprotected webshops.
A decade ago, Magecart was first discovered by cybersecurity company RiskIQ. But in the past two years, the attacks have drastically increased hitting large companies like British Airways, Ticketmaster, OXO, Newegg. That is why automated systems assigned to this threat discovered hundreds of thousands of websites that on checkout pages malicious JavaScript made to rob shoppers of their card data.
Web card skimming can be extremely lucrative when it works, which is why cybercriminals are going to great lengths to achieve the perfect digital heist. Once pulled off, it can often be months before the alarm bells ring. At a time like this, many companies may take their eye off the ball, but these threat actors are persistent and will exploit anywhere they can.
The automated nature of these attacks suggests that the code used in the website was not properly secured as the attackers were able to automatically spot which sites had vulnerabilities. This highlights the need for web developers, especially ones dealing with inputs of sensitive information like credit cards, to keep updated for any discovered vulnerabilities to reduce exposure. The likes of Ticketmaster and British Airways have been struck in the past like this so these attackers are clearly aiming big.