The American Cancer Society reportedly suffered a malware attack on its online store. News sites report that the attack successfully mined credit card information.
According to TechCrunch, security researcher Willem de Groot found the malware last Thursday, October 24, 2019. The malware was reportedly disguised to blend in with the company’s analytics code.
The attackers, known as Magecart, programmed the code to mine credit card numbers and other sensitive information. Through this malicious code embedded in the American Cancer Society’s online shop, payments would be intercepted.
Card details obtained by attackers will be sold on the dark web. Some accounts may also be used for fraudulent actions and purchases, says TechCrunch.
Details of the Attack
Based on de Groot’s findings, the skimmer allegedly lodges itself within the Google Tag Manager code. When an individual makes a purchase and is asked to input credit card details, the code activates at checkout.
According to the security researcher, the malware looks for the checkout code (Y2hlY2tvdXQ=). Once found, the skimmer will attach itself to the original link via thatispersonal.com/assets/cancer.js. Powered by a Russian network named Irkutsk, the Magecart group sent credit card details to their server.
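A defender-side check for the two traits described above, a Base64-encoded keyword and a script reference to an unfamiliar host, as an added example that is not code from the researcher or from the original report. The sample snippet is constructed and inert, and the allowlist, keyword list and function names are assumptions.

```javascript
// Added example: static check for Base64-hidden keywords and unexpected hosts.
// SAMPLE is constructed for illustration; it is inert and is not the real skimmer.
const SAMPLE = [
  '(function(w,l){w[l]=w[l]||[];})(window,"dataLayer");',
  'var k = "Y2hlY2tvdXQ=";',
  'var u = "//thatispersonal.com/assets/cancer.js";',
  'var a = "https://www.googletagmanager.com/gtm.js";',
].join("\n");

// Hypothetical allowlist and watch list; tune both for the site being reviewed.
const ALLOWED_HOSTS = ["www.googletagmanager.com", "www.google-analytics.com"];
const KEYWORDS = ["checkout", "payment", "onepage", "billing"];

// Return quoted string literals that Base64-decode to text containing a keyword.
function findEncodedKeywords(source, keywords = KEYWORDS) {
  const hits = [];
  const literal = /["']([A-Za-z0-9+/]{8,}={0,2})["']/g;
  for (const [, token] of source.matchAll(literal)) {
    if (token.length % 4 !== 0) continue;            // not valid padded Base64
    const decoded = Buffer.from(token, "base64").toString("latin1");
    if (!/^[\x20-\x7e]+$/.test(decoded)) continue;    // keep printable ASCII only
    const word = keywords.find((k) => decoded.toLowerCase().includes(k));
    if (word) hits.push({ token, decoded, keyword: word });
  }
  return hits;
}

// Return hostnames referenced in the source that are not on the allowlist.
function findUnexpectedHosts(source, allowed = ALLOWED_HOSTS) {
  const hosts = new Set();
  const ref = /(?:https?:)?\/\/([a-z0-9.-]+\.[a-z]{2,})(?=[/"':?]|$)/gi;
  for (const [, host] of source.matchAll(ref)) {
    const h = host.toLowerCase();
    if (!allowed.includes(h)) hosts.add(h);
  }
  return [...hosts];
}

console.log(findEncodedKeywords(SAMPLE));   // the literal that decodes to "checkout"
console.log(findUnexpectedHosts(SAMPLE));   // hosts outside the allowlist
```

Run it over the rendered tag-manager and analytics snippets of a checkout page; a hit on either function is a reason to review the container's change history, not proof of compromise.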
Upon decoding the system language, the security researcher found that the attackers had made a glitch in the database. With one malfunctioning program, the attackers inserted the code twice within the system.
After a closer inspection, de Groot traced the third-party service provider. Despite showing links to Moscow, Russia, the page merely opens to a decoy set-up.
Although Sanguine Security reached out to the American Cancer Society, the company failed to issue a fix for its vulnerability. The researcher called the company through its anti-fraud hotline, notes TechCrunch.
Upon TechCrunch’s inspection dated October 25, 2019, the vulnerability in the system was no longer present. However, a spokesperson for the company, Kathi Di Nicola, declined to give a statement regarding the situation.
As of writing, the number of affected buyers and merchants remains unaccounted for. Following this, individuals who accessed the website in the past week are urged to contact the American Cancer Society. Likewise, TechCrunch states that customers should also get in touch with their payments provider to assess potential damages.
Apart from the American Cancer Society, other high-profile institutions have also been hit with the malware attack. The recent victims of these breaches include British Airways, ESET, Infowars, LA Times, the Red Cross, and Ticketmaster.