Cybercriminals are taking advantage of the tragic situation occurring in Australia.
Firefighters have been fighting massive brush fires for the past couple of weeks that have burned about 16 times the amount of land destroyed in the recent California fire season. Donations have been pouring in from concerned citizens around the world to help aid the thousands of residents who have been displaced across the continent. Unfortunately, attackers hoping to make bank injected a payment-card skimmer on the check-out page of a legitimate online donation site.
Magecart, an umbrella term for online payment-card skimmers that we have referenced before in this article, was found after researchers came across a script, named "ATMZOW", that was stealing data from the checkout page. Information stolen included the names on the cards, card numbers, expiration dates, CVV and billing addresses.
Attackers were able to inject this site with the Magecart script because it has not been patched for a while, according to Jérôme Segura, the director of threat intelligence at Malwarebytes. The Magecart script typically goes about e-commerce platforms that are insecure and look for websites that run outdated systems, such as this one that was running a content-management system named Magento. Researchers do not believe this website was a target, rather just a victim of an automated attack script looking to exploit insecure websites.
The affected site has not been named but the victim donation site was informed and the malicious software has now been removed. It is believed that this particular strain of malicious code is currently active on 39 other websites, as shown below by a tweet from Troy Mursch.
