Fri. Jun 5th, 2020

Attackers Hide Payment Skimmer in American Cancer Society’s Online Store

American Cancer Society’s online store has been infected with credit card stealing malware, TechCrunch reports.


Similar to the malware that affected British Airways, Ticketmaster, AeroGarden, and many others, the code found in the organization’s store is “designed to look like legitimate analytics code.” However, unsuspecting victims end up with more than they bargained for because the code collects their credit card numbers and sends it to a third-party server.


Then attackers, known as Magecart, “use their stolen credit card numbers to sell on the dark web or use the numbers for committing fraud.”


In a blog post shared exclusively with TechCrunch, Willem de Groot — the security researcher who discovered the malware — explained the attack saying, “the skimmer loader hides itself by hiding behind the (legitimate) GoogleTagManager code:”



And, from the image above, you can see that the code was inserted twice. As a result, “it revealed the web address of the hacker’s third-party server.” Which “is hosted in Irkutsk, a Russian network that is popular among skimming groups.”


As of now, it’s unclear how many users were affected.