// THREAT DETECTION AND DATA PRIVACY TERM

Magecart

Magecart refers to a collection of hacker groups that specialize in digital skimming attacks, where they inject malicious code, usually JavaScript, into e-commerce websites to steal customers' payment card information during checkout.

Magecart — illustration from Wikipedia
Image via Wikipedia

TECHNICAL DEFINITION

Magecart is the umbrella term for multiple cybercriminal groups performing digital skimming attacks on e-commerce websites, primarily by injecting malicious JavaScript code into client-side web pages to surreptitiously intercept and exfiltrate sensitive payment card data during online transactions, often exploiting third-party supply chain vulnerabilities.

BACKGROUND

In 2018, the UK flag carrier British Airways suffered a cyberattack in which the personal and financial details of hundreds of thousands of customers who made bookings on BA's website and mobile application were stolen. Subsequent investigations by the United Kingdom Information Commissioner's Office (ICO) found that the attacker was in a position to access personal data relating to about 429,612 individuals, including roughly 244,000 customers whose names, addresses, payment card numbers, expiry dates and card verification values (CVVs) were exposed.

READ MORE ON WIKIPEDIA

SYNONYMS & ALIASES

  • Digital Skimming
  • Web Skimming
  • E-skimming
  • Formjacking

USAGE NOTE

The term 'Magecart' can refer both to the specific threat actor groups and the prevalent method of web skimming attack they employ, especially targeting e-commerce platforms.

DEVELOPERS

Organizations developing technology related to Magecart.

  • Sansec.io

    Specializes in e-commerce security, offering real-time detection and prevention solutions specifically designed to protect online stores (especially Magento) from digital skimming attacks like Magecart.

  • Source Defense

    Provides client-side website security solutions that prevent malicious code injections, data skimming (Magecart), and supply chain attacks by controlling and restricting third-party script behavior.

  • Jscrambler

    Offers JavaScript protection and obfuscation technologies to prevent client-side tampering, reverse-engineering, and the injection of malicious scripts, which are common tactics used by Magecart groups.

  • HUMAN Security (formerly PerimeterX)

    Provides client-side protection (CSP) solutions that monitor and secure client-side code, detecting and blocking web skimming attacks and other malicious activity targeting customer data.

  • Akamai

    Offers comprehensive web application and API protection (WAAP) services, including client-side protection capabilities to defend against web skimming and other client-side attacks, often associated with Magecart.

  • Cloudflare

    Provides a suite of security products, including Web Application Firewall (WAF), bot management, and client-side security features to detect and mitigate threats like web skimming and supply chain attacks used by Magecart.

  • F5 (Shape Security)

    Delivers advanced fraud and abuse prevention solutions, including client-side defense mechanisms that protect against automated attacks and payment card skimming operations like those conducted by Magecart.

  • Microsoft (via RiskIQ acquisition)

    Through its acquisition of RiskIQ, Microsoft offers threat intelligence and security solutions that help detect and respond to digital supply chain attacks and web skimming campaigns, leveraging RiskIQ's deep expertise in Magecart research.

RELATED TERMS IN THREATS & ATTACKS