Furthering the list of MageCart victims, now emerges a European skincare brand. It turns out that multiple Perricone websites suffered MageCart attacks with at least one becoming a victim of the breach.
MageCart Attacks On Perricone Websites
Reportedly, the European skincare brand Perricone has become the latest victim of card-data theft. According to the researchers, the UK, Italy and German websites of Perricone brand suffered separate MageCart attacks over the year.
While the attacks took place on all three websites, evidence revealed that the MageCart successfully stole data from only one site. In fact, since there were two different MageCart groups behind the attacks, it seems only one of them actually succeeded.
Elaborating their findings in a blog post, Sam Jenkins of RapidSpike revealed that the first attack happened in November 2018. However, owing to a mistake in the code, the skimmer failed to load from the malicious MageCart domain (js-react.com).
Whereas, in November 2019, a second hacking attack targeted Perricone websites, this time being successful. In this attack, they not only registered a similar malicious domain (perriconemd.me.uk) but also limited the skimmer to load on the check-out page only.
However, scratching the surface let the researchers find out numerous other domains registered on the same server that was found involved in Perricone attacks.
No Fix From Perricone Yet
RapidSpike observed that the attacks might have taken place by exploiting vulnerabilities in the Magento platform backing the Perricone websites.
Upon finding the presence of malicious codes, RapidSpike informed Perricone MD of the attacks. They also collaborated with them for responsible disclosure.
However, according to Bleeping Computer, the malicious codes are still present on the websites, though, might not be working for some customers.
Therefore, the customers who have made online purchases with the brand should keep an eye on their payment card transactions.
Let us know your thoughts in the comments.
