Magecart is a hacker group that specialise in digital skimming attacks. Digital skimming is a type of attack where threat actors insert malicious code into the systems on e-commerce websites responsible for handling payment information, with the aim of stealing credit or debit card information.
Magecart has been responsible for the data breaches of over 100,000 e-commerce websites around the world, some of which have made it to headline news. For example, the Ticketmaster hack between February and June 2018 affecting approximately 40,000 customers, and the British Airways breach in September 2018 which went undetected for 15 days affecting approximately 380,000 transactions.
Recently, a new subgroup named “Magecart Group 12” have taken a new approach to skimming card details than previous attempts made by other subgroups. Instead of injecting their malicious code into a relatively small group of specifically targeted websites, Magecart Group 12 have injected their code into third party JavaScript libraries used for displaying website advertisements. This new approach meant that any e-commerce websites that displayed advertisements, and relied on these JavaScript libraries to function, became compromised after these were infected. Distributing their malware using this method was incredibly efficient compared to previous attacks and allowed Magecart to harvest card details from almost 300 websites in less than a week from a wide variety of industries.
If you are looking to protect yourself from these types of attacks, you should disable JavaScript in your browser before checking out if you suspect the site might have been compromised. The majority of e-commerce websites are designed to be able to function with JavaScript disabled. With the consideration that this attack relies entirely on malicious JavaScript code to function correctly, disabling this will prevent attackers from stealing your data at the checkout.