The online store of American gun manufacturer Smith & Wesson was hacked Wednesday, Nov 27, after a malicious script was injected by attackers to steal customer’s payment information.
The malicious script, called MageCart, is a type of cybersecurity attack that involves injecting malicious software skimmers either directly or through third-party services on the targeted online stores. The scripts then steal the payment information submitted by customers by transporting the details to a server controlled by the attackers.
The incident was discovered by the researcher Willem de Groot from Sanguine Security. According to him, he was made aware of a Magecart group that has been registering domain titles named after his name and his company. In an effort to trace down the group and detect the sites it has already compromised, de Groot identified Smith & Wesson’s online store as a victim of the attack.
“Skimming code & infrastructure is identical to the campaign that impersonates Sanguine Security. Hacker registered skimming domains in my name and disguises as Sanguine protection,” de Groot tweeted.
According to him, the compromised Smith & Wesson online store loads malicious code from a domain set up by the attackers to access personal and financial information submitted by customers on the checkout page.
“However if you are using a US-based IP address, non-Linux browsers, not on the AWS platform, and at the checkout page, the script being delivered changes from 11KB to 20KB, with the Magecart portion appended to the bottom as shown below,” it added.
According to many reports, since Smith & Wesson online store runs on Magento, attackers have likely exploited a known vulnerability to inject the malicious code into the website.
Earlier in November, popular e-commerce platform Magento has issued a statement urging customers to install patches for a remote code execution vulnerability that can be exploited by hackers to compromise a system and inject malware.
“This vulnerability could enable an unauthenticated user to insert a malicious payload into a merchant’s site and execute it, which is why we recommend installing this update,” the e-commerce platform explained in an earlier post.
Smith & Wesson is yet to issue a response to the discovery.