Researchers have identified a web skimmer on Segway’s online store that enabled threat actors to steal credit cards and customer information when customers checked out. Segway is the maker of two-wheeled, self-balancing personal transporters. Source: “Segway store compromised with Magecart skimmer”, Malwarebytes Labs.
<p>Magecart attackers continue to get more creative with their techniques in order to evade detection, especially given advancements in security solutions over the years. By hiding the skimmer script inside a favicon pretending to display the site’s copyright, neither manual code reviews, static code analysis nor scanners could have detected this easily. E-commerce businesses need a real-time monitoring solution that detects access to sensitive fields and attempts to exfiltrate personally identifiable information from the client side. It is important that users of Magento understand the need to disrupt the web attack lifecycle by stopping the theft of account and identity information from their site, and implement a solution to help do that. Taking action before it is too late will also help prevent damage to the brand’s reputation as well as limit potential liability for non-compliance.</p>