The online store of the American Cancer Society has become the latest victim of credit card-stealing malware. Cybersecurity experts identified malicious code on the organization's store website that was designed to look like normal analytics code but is in fact capable of stealing credit card numbers. Reports revealed that similar code has been seen in attacks against British Airways, Ticketmaster and others.
The threat actor behind the newly detected malware attack is known as Magecart, which sells stolen credit card details on the dark web or uses the numbers to commit fraud. In a blog post, security researcher Willem de Groot explained how the malware infected the American Cancer Society's online store, and he shared details with TechCrunch.
Explaining the breach, the expert said that the malicious code was designed to send collected credit card numbers to a third-party server operated by Magecart. The code was malformed, which led to it being inserted twice; when decoded, it revealed the address of the third-party server managed by the hacker. According to Trend Micro, the domain is registered in Moscow and used by Magecart.
De Groot found the malicious activity, which was launched at some point last week, on Thursday, October 24, and informed the American Cancer Society, but the code was not immediately removed. It is not yet known how many users of the site were affected by this malware incident. People who visited the organization's site last week are advised to contact their payments provider as soon as possible.
Recently it was revealed that 621 government entities, healthcare service providers, school districts, colleges and universities in the US were attacked by ransomware. These attacks happened in the first nine months of 2019 and highlight current trends in the world of hacking, which include attacks via MSPs, bigger ransom demands, cyber insurance, and email and Remote Desktop Protocol (RDP).
Recently it was revealed that Chrome and Firefox are being hit by a new type of malware that can intercept encrypted web traffic. According to new findings by Kaspersky, the malware is a remote access trojan (RAT) that leaves the infected system open to vulnerabilities over a network. In this scenario, a cybercriminal could easily download, upload and execute files. The Kaspersky researchers have not yet identified exactly what the creators of this malware intended to use it for.