New Magecart Attack - ALERT
New Magecart Attack Using Modal Forms
Attackers are constantly improving their digital skimming techniques, and it's important for us to stay aware of the evolving threats. Recently, cybersecurity researchers at Malwarebytes discovered a new Magecart campaign - called Kritec - which deploys "Modal Forms" to deceive website visitors and to steal their payment data. These forms appear on top of the existing website content, appearing to create a seamless checkout experience for customers. However, these forms are actually designed to collect sensitive payment data and Personally Identifiable Information without the user's knowledge.
What's interesting and concerning about this campaign is the attention to detail the attackers have put into creating a realistic "customer experience." The modal payment form is meticulously designed to match the merchant's branding, complete with an animated brand icon, making it difficult to distinguish from the legitimate payment form. Once customers enter their details into the infected form, they receive a fake error message before being redirected to the genuine payment form.
It's crucial to understand the significance of these types of attacks. They continue to persist because they exploit the growing popularity of eCommerce, as well as the limited cyber security knowledge within the eCommerce community. The attackers behind these campaigns are constantly evolving their techniques and finding new ways to compromise merchants.
Typically the criminals target sites that exhibit one or more of the following characteristics
