Magecart

TECHNICAL DEFINITION

Magecart is the umbrella term for multiple cybercriminal groups performing digital skimming attacks on e-commerce websites, primarily by injecting malicious JavaScript code into client-side web pages to surreptitiously intercept and exfiltrate sensitive payment card data during online transactions, often exploiting third-party supply chain vulnerabilities.

BACKGROUND

A supply chain attack is a cyber-attack that seeks to damage an organization by targeting less secure elements in the supply chain. A supply chain attack can occur in any industry, from the financial sector, oil industry, to a government sector. A supply chain attack can happen in software or hardware. Cybercriminals typically tamper with the manufacturing or distribution of a product by installing malware or hardware-based spying components. Symantec's 2019 Internet Security Threat Report states that supply chain attacks increased by 78 percent in 2018.

SYNONYMS & ALIASES

• Digital Skimming
• Web Skimming
• E-skimming
• Formjacking

USAGE NOTE

The term 'Magecart' can refer both to the specific threat actor groups and the prevalent method of web skimming attack they employ, especially targeting e-commerce platforms.

DEVELOPERS

Organizations developing technology related to Magecart.

• Sansec.io

  Specializes in e-commerce security, offering real-time detection and prevention solutions specifically designed to protect online stores (especially Magento) from digital skimming attacks like Magecart.

• Source Defense

  Provides client-side website security solutions that prevent malicious code injections, data skimming (Magecart), and supply chain attacks by controlling and restricting third-party script behavior.

• Jscrambler

  Offers JavaScript protection and obfuscation technologies to prevent client-side tampering, reverse-engineering, and the injection of malicious scripts, which are common tactics used by Magecart groups.

• HUMAN Security (formerly PerimeterX)

  Provides client-side protection (CSP) solutions that monitor and secure client-side code, detecting and blocking web skimming attacks and other malicious activity targeting customer data.

• Akamai

  Offers comprehensive web application and API protection (WAAP) services, including client-side protection capabilities to defend against web skimming and other client-side attacks, often associated with Magecart.

• Cloudflare

  Provides a suite of security products, including Web Application Firewall (WAF), bot management, and client-side security features to detect and mitigate threats like web skimming and supply chain attacks used by Magecart.

• F5 (Shape Security)

  Delivers advanced fraud and abuse prevention solutions, including client-side defense mechanisms that protect against automated attacks and payment card skimming operations like those conducted by Magecart.

• Microsoft (via RiskIQ acquisition)

  Through its acquisition of RiskIQ, Microsoft offers threat intelligence and security solutions that help detect and respond to digital supply chain attacks and web skimming campaigns, leveraging RiskIQ's deep expertise in Magecart research.