MageCart compromises Feedify

Magecart cyber criminal group has been targeting numerous eCommerce sites since 2015, to include Ticketmaster and British Airways. 

The latest Magecart victim appears to be cloud service provider Feedify.

Magecart modified Javascript library hosted by Feedify and infected with payment card skimming code dubbed MageCart used to steal victims’ payment card details. The data was sent to outside systems likely owned by the Magecart fraudsters. 

The Register reported on the incident earlier this week when more details surfaced on Wednesday.

The report mentioned MageCart was spotted on Tuesday by security researcher that goes by the name Placebo on Twitter.  Placebo reported the issue was disclosed and then fixed by Feedify, but infections returned on Wednesday.

However, another researcher Kevin Beaumont said it was the third time Feedify’s systems were compromised by MageCart. He warned all vendors to remove the JavaScript link as soon as possible from their stores, given Feedify was still compromised at the time. 

Threat researcher Yonathan Klijnsma from RiskIQ also added via Twitter that Feedly was likely compromised with MageCart since August 17th 2018.

Experts surmise there could be insider access to systems, internal infected system and/or stolen credentials that could have led to the repeated code compromise. 

This Post Has One Comment

Leave a Reply

Close Menu