Skip to content

Cybersecurity Insights

Information security, payment security, website security, Forensic Investigations, Incident Response & Offensive Security articles

New Magecart Attack - ALERT

New Magecart Attack Using Modal Forms

Attackers are constantly improving their digital skimming techniques, and it's important for us to stay aware of the evolving threats. Recently, cybersecurity researchers at Malwarebytes discovered a new Magecart campaign - called Kritec - which deploys "Modal Forms" to deceive website visitors and to steal their payment data. These forms appear on top of the existing website content, appearing to create a seamless checkout experience for customers. However, these forms are actually designed to collect sensitive payment data and Personally Identifiable Information without the user's knowledge.

What's interesting and concerning about this campaign is the attention to detail the attackers have put into creating a realistic "customer experience." The modal payment form is meticulously designed to match the merchant's branding, complete with an animated brand icon, making it difficult to distinguish from the legitimate payment form. Once customers enter their details into the infected form, they receive a fake error message before being redirected to the genuine payment form.

It's crucial to understand the significance of these types of attacks. They continue to persist because they exploit the growing popularity of eCommerce, as well as the limited cyber security knowledge within the eCommerce community. The attackers behind these campaigns are constantly evolving their techniques and finding new ways to compromise merchants.
Typically the criminals target sites that exhibit one or more of the following characteristics

New Kritec malware targeting eCommerce