Shopping cart attack provides insight into criminal operations

The Magecart attack which injects JavaScript into unpatched eCommerce sites in order to capture payment information first appeared in October last year. Researchers at threat management specialist RiskIQ have been following a new strain of Magecart and found that it offers a rare insight into the operations of the actors behind digital threats. By logging consumer keystrokes, Magecart captures large quantities of payment card information from unsuspecting shoppers. This stolen data typically gets packaged and sold as CVV dumps, on websites where transactions involving stolen credit card data take place. But RiskIQ's research shows that there are other ways in… [Continue Reading]