In Plain Sight II: On the Trail of Magecart

A new Aite Group report has revealed 80 e-commerce sites actively sending credit card numbers to offsite servers.

Boston, September 10, 2019 — Exploiting a type of breach called formjacking, Magecart group hackers inject an e-commerce checkout form with malicious code that sends buyers’ credit card information to an offsite server under the hackers’ control. These groups then sell the credit card numbers on the dark web and use the credit cards to purchase high-cost goods in the United States and resell them in other markets. In-app code obfuscation and tamper detection can alert to and prevent formjacking, but e-commerce web applications that aren’t being properly secured with these in-app protections have created a massive attack surface. The final installment of the In Plain Sight series and Aite Group’s latest report, In Plain Sight II: On the Trail of Magecart, examines e-commerce web applications that aren’t being properly secured with in-app protection. 

“Magecart is a moniker under which numerous groups operate, and these groups are singularly focused on the widespread compromise of e-commerce websites with the intent of collecting and monetizing stolen credit card information and personally identifiable information,” explains Alissa Knight, senior analyst at Aite Group. “More than 80 actively compromised sites were discovered in this research,” she adds. 

This research, sponsored by Arxan Technologies, follows the trail of servers compromised by Magecart groups as well as the collection servers to which the sites were actively sending stolen credit card data. The data forming the basis of this report was collected and analyzed by Aite Group using primary research methods to discover 80 compromised e-commerce sites globally. The report reveals the vulnerabilities that the group exploited to gain unauthorized access to the sites and to inject formjacking code into the sites’ checkout forms. 

To request a press copy of this report or to speak with Alissa Knight about this topic, please contact us at pr@aitegroup.com.

About Aite Group:
Aite Group is a global research and advisory firm delivering comprehensive, actionable advice on business, technology, and regulatory issues and their impact on the financial services industry. With expertise in banking, payments, insurance, wealth management, and the capital markets, we guide financial institutions, technology providers, and consulting firms worldwide. We partner with our clients, revealing their blind spots and delivering insights to make their businesses smarter and stronger. Visit us on the web and connect with us on Twitter and LinkedIn.

Press Contact:
Siobhan Scanlan
Public Relations
+1.617.398.5064
PR@aitegroup.com