Magecart Malware Hijacked US Restaurants
Dark web hackers have breached 300 US restaurant platforms in two recent cyberattacks that stole the information of more than 50,000 credit cards. The two attacks, aimed at three online food ordering platforms, affected patrons across several US states.
The hackers were able to breach the payment platforms by compromising them and installing a credit card skimmer known as Magecart malware. The skimmer copies the information associated with each credit card when online shoppers enter their card details on the checkout page to pay for their food.
Web skimmers of this kind are known as Magecart malware and have often been used by criminals to skim credit card data when a user inputs their information to pay for products or services.
Collected research data on Magecart malware shows that hackers have been actively targeting a wide variety of consumers over the years. Researchers have also recently identified two current Magecart campaigns that have been actively injecting malicious code into online ordering platforms. The targeted platforms associated with the restaurant industry include MenuDrive, InTouchPOS, and Harbortouch.
The breach committed against the online ordering portals was detected by the Recorded Future anti-hacking detection group. So far, law enforcement officials have identified 50,000 credit and debit cards that were compromised by dark web hackers in the recent card skimming hacks.
Cyber analysts have also revealed that the stolen cards have already surfaced on the deep web, where they are being sold on various dark web marketplaces.
Magecart Skimming Campaigns
The first hacking campaign, documented on November 12, 2021, turned out to be the second campaign against the InTouchPOS payment platform.
In another campaign tracked to January 18, 2022, approximately 74 restaurants that utilize the Harbortouch ordering platform were infiltrated by the criminals. In addition, a reported 80 eateries associated with MenuDrive were part of that security breach. The majority of the affected eateries are small restaurants located in several states, which opted to utilize the less expensive ordering process provided by these platforms because of budgetary constraints.
According to analytical reports, the hackers injected their malicious code into the webpages of the outsourced payment platforms and the website of each affected restaurant. In addition, the malicious code was traced to the designated subdomain of each eatery, which was created on the platform of the online payment services.
The malware that stole the payment card data also scraped other private data such as the victims’ names, email addresses, and phone numbers. With phony payment forms injected with skimmer overlays, the hackers were able to steal the credit card information without directly hacking the online payment websites.
Even now, as victims complete the checkout process for their orders, the phony payment forms linked to the threat actors are still very active. According to Recorded Future, the hackers’ exfiltration domains are still accessible and functioning quite well.
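A defender-side check for the injected scripts and phony payment forms described above, as an added example that is not from the article or from Recorded Future: it parses a checkout page and flags script sources, form targets and inline scripts that fall outside a reviewed baseline. All hostnames, markup and function names are constructed placeholders.

```python
import hashlib
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse

class CheckoutAudit(HTMLParser):
    """Collect script URLs, inline-script hashes and form targets from a page."""
    def __init__(self, page_url):
        super().__init__()
        self.page_url, self.urls, self.inline = page_url, [], []
        self._buf = None  # a list while inside an inline <script>

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "script" and a.get("src"):
            self.urls.append(("script", urljoin(self.page_url, a["src"])))
        elif tag == "script":
            self._buf = []
        elif tag == "form":  # an empty action posts back to the page itself
            self.urls.append(("form", urljoin(self.page_url, a.get("action") or "")))

    def handle_data(self, data):
        if self._buf is not None:
            self._buf.append(data)

    def handle_endtag(self, tag):
        if tag == "script" and self._buf is not None:
            body = "".join(self._buf).strip().encode()
            self.inline.append(hashlib.sha256(body).hexdigest())
            self._buf = None

def parse(html, page_url):
    p = CheckoutAudit(page_url)
    p.feed(html)
    p.close()
    return p

def audit(html, page_url, allowed_hosts, approved_inline):
    """Return (kind, value) findings for anything outside the reviewed baseline."""
    p = parse(html, page_url)
    findings = [(k, u) for k, u in p.urls if urlparse(u).hostname not in allowed_hosts]
    findings += [("inline-script", h) for h in p.inline if h not in approved_inline]
    return findings

# Constructed sample data: hosts and markup are placeholders, not from the report.
URL = "https://tacos.ordering.example.test/checkout"
ALLOWED = {"tacos.ordering.example.test", "js.processor.example.test"}
BASELINE = ('<script src="/static/cart.js"></script><script>initCart();</script>'
            '<form action="https://js.processor.example.test/pay"></form>')
TAMPERED = BASELINE + ('<script src="//cdn.unreviewed.example.test/a.js"></script>'
                       '<script>/* unreviewed change */</script>'
                       '<form action="https://collect.unreviewed.example.test/f"></form>')
APPROVED = set(parse(BASELINE, URL).inline)  # inline scripts seen at review time
```

Run against each restaurant subdomain on a schedule, a non-empty result means the checkout page now loads code or posts data somewhere that was not part of the reviewed page.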