Magecart-style credit card sniffer spotted for sale, online retailers beware

News by Robert Abel

Online retailers should be on high alert for attacks carried out by a Magecart-style credit card sniffing tool similar to the one used to carry out the British Airways and Ticketmaster hacks.

Online retailers should be on high alert for attacks carried out by a Magecart-style credit card sniffing tool similar to the one used to carry out the British Airways and Ticketmaster hacks.

Armor researchers are warning retailers after spotting the tool for sale in a Russian forum on the dark web for US$ 1,300 (£1,031), according to a report by Armor Threat Intelligence.  


Russian ad for the Margecart-style tool.

The tool is advertised to contain two components: a standard universal payment card sniffer and a control panel. The tool’s control panel is capable of generating a custom credit card sniffer in a JavaScript file that will work on any e-commerce site that employs Magento, OpenCart or OsCommerce payment forms.

In addition, researchers noted it used Secure Socket Layer (SSL) protocol to encrypt the outbound payment card data being collected, which makes it harder for security teams to see the data being exfiltrated from the e-commerce site. 

Armor’s Threat Resistance Unit senior security researcher Corey Milligan believes the tool represents the first step in the commoditisation of the Magecart-style attack that will create a new line of revenue for the original Magecart threat groups while also saturating the threat landscape with attempts by low-level threat actors.

"We expect to see a mass of "Hail Mary" attacks, with the cyber-criminals intent on hitting as many sites as possible, hoping that some of them will succeed and be fruitful," Milligan said. "Unfortunately, the threat actors only have to be right once, and in this case, being right once could result in a haul of credit card data that is profitable and easy to sell on the Dark Web."

In addition, TRU team believes that the low-level threat actors will plug this tool into processes that involves the automated scanning for and the indiscriminate attacking of vulnerable e-commerce sites, even ones that don’t have the applicable payment form.  

This article was originally published on SC Media US.

Find this article useful?

Get more great articles like this in your inbox every lunchtime

Video and interviews