Website of gunmaker Smith & Wesson hit by a Magecart attack
The US gunmaker Smith & Wesson was hacked late last month in a Magecart attack in which attackers injected a malicious software skimmer.
A new Magecart attack has made the headlines; the victim is the American gunmaker Smith & Wesson. The hack took place last month, when the attackers planted a malicious software skimmer on its website to steal customers’ payment card data.
The hack was discovered by the researcher Willem de Groot from security firm Sanguine Security. The attackers planted the software skimmer on the Smith & Wesson e-commerce site on November 27.
The expert discovered that the software skimmer and the infrastructure are identical to those of a campaign that impersonates Sanguine Security. The hacker registered skimming domains using de Groot’s name, and the campaign disguises itself as Sanguine protection.
Sanguine Security:
Skimming code & infrastructure is identical to the campaign that impersonates Sanguine Security. Hacker registered skimming domains in my name and disguises as Sanguine protection. https://twitter.com/eComscan/status/1200749626988662784?s=20
Alert: new Magecart skimmer campaign disguises as Sanguine protection. Domains: sansec[.]us, sanguinelab[.]net are used to funnel stolen payments.
The compromised Smith & Wesson online store loads malicious code from a domain set up by the attackers. The code was designed to capture personal and financial information provided by users on the checkout page.
At the time of writing, the software skimmer is still present on the online store; the script changes depending on the section of the site visited by the users.
“This script is not easy to spot as it will load a non-malicious or malicious script depending on the visitor and section of the site being visited,” reported BleepingComputer.
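Because the injected script differs by section, a check of the home page alone can come back clean. The following is an added example, not code from the article or from Sanguine Security: it audits the script hosts of several saved page snapshots against an allow-list and the two skimming domains named in the alert. The store host, the allow-list, the third-party host and the HTML snapshots are constructed assumptions.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Skimming domains named in the alert quoted above (defanged there).
KNOWN_SKIMMER_DOMAINS = {"sansec.us", "sanguinelab.net"}
# Assumption: hosts this hypothetical store is expected to load scripts from.
ALLOWED_HOSTS = {"shop.example", "cdn.shop.example"}

class ScriptSrcCollector(HTMLParser):
    """Collect the src attribute of every <script> tag."""
    def __init__(self):
        super().__init__()
        self.sources = []

    def handle_starttag(self, tag, attrs):
        src = dict(attrs).get("src") if tag == "script" else None
        if src:
            self.sources.append(src.strip())

def script_hosts(html, page_host):
    """Return the set of hosts a page loads external scripts from."""
    collector = ScriptSrcCollector()
    collector.feed(html)
    # Path-only URLs have no hostname and resolve to the page's own host.
    return {(urlsplit(s).hostname or page_host).rstrip(".")
            for s in collector.sources}

def matches(host, domains):
    """True if host is one of the domains or a subdomain of one."""
    return any(host == d or host.endswith("." + d) for d in domains)

def audit(snapshots, page_host):
    """Map each section with findings to its skimmer and unexpected hosts."""
    findings = {}
    for section, html in snapshots.items():
        hosts = script_hosts(html, page_host)
        skimmer = sorted(h for h in hosts if matches(h, KNOWN_SKIMMER_DOMAINS))
        unexpected = sorted(h for h in hosts
                            if h not in ALLOWED_HOSTS and h not in skimmer)
        if skimmer or unexpected:
            findings[section] = {"skimmer": skimmer, "unexpected": unexpected}
    return findings

# Constructed snapshots: the home page is clean, the checkout page is not.
SNAPSHOTS = {
    "/": '<script src="/static/app.js"></script>'
         '<script src="https://cdn.shop.example/lib.js"></script>',
    "/checkout": '<script src="/static/app.js"></script>'
                 '<script src="//sansec.us/placeholder.js"></script>'
                 '<script src="https://stats.vendor.example/a.js"></script>',
}
if __name__ == "__main__":
    print(audit(SNAPSHOTS, "shop.example"))
```

Snapshots should be taken per section and per visitor profile, since the quoted report says the served script depends on both.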
The Smith & Wesson online store runs on Magento; attackers likely exploited a known vulnerability to compromise the system and inject the malicious code.
Earlier in November, Magento addressed a remote code execution vulnerability, tracked as CVE-2019-8144, that could allow unauthenticated attackers to deliver malicious payloads.
Users who have recently made purchases at smith-wesson.com are advised to contact their credit card company and monitor their statements for suspicious activity.
In November, Macy’s started notifying some of its customers that crooks used a software skimmer to steal their personal and financial information.