A security researcher discovered that credit card-stealing malware was inserted into the code of the American Cancer Society’s online store, according to TechCrunch.
Willem de Groot discovered the malicious code buried deep, and hidden to look like analytics code. It was meant to scrape credit card numbers for sale on the dark web or other malicious activities.
The code is meant to send the numbers to a third-party server, but it was malformed and put in twice. De Groot decoded the information and discovered the web address of the server. The domain is registered in Moscow, but the website that exists only as a decoy page.
The code was removed on Friday (Oct. 25), and it’s not currently known how many people were affected by it. TechCrunch recommends anyone who used a credit card on the American Cancer Society website to contact their payments provider.
He said they’re a “thriving criminal underworld that has operated in the shadows for years.”
“Magecart is only now becoming a household name,” he added.
The first Magecart group started as early as 2014, when it would set its sights on thousands of sites and then store the stolen data. Groups 2 and 3 started skimming credit cards, and group 4 hacked more than 3,000 sites and grabbed as many card numbers as it could.
Groups 5 and 6 did some of the more high-profile attacks, with the latter responsible for British Airways and Newegg. If the malicious code is discovered, the perpetrators simply move on to another site.