Cybercriminals Planted a Payment Card Skimmer on the Websites

Forcepoint

On the websites of many companies using the Replay Now conference network, Malwarebytes announced on Thursday, cybercriminals have planted a payment card skimmer.

Playback Also helps organisations to capture activities through live streaming or on demand and deliver the content. It also offers a virtual conference hall and lets firms promote their operations.

Researchers from Malwarebytes found that a server owned by Playback Now, which hosts conference materials for clients of the company, was hacked. The consumer websites hosted on it were injected with a payment card skimmer that allowed the attackers to harvest the financial details of consumers buying conference materials from those pages. Customers receive a dedicated platform that they can use to serve their content.

Tens of these pages, often belonging to educational or medical institutions, tend to be infected. It’s worth noting that the official website of Playback Now, playbacknow.com, does not seem to be affected.

The attackers likely used a previously reported piece of malware intended to provide access to e-commerce websites by brute-forcing passwords, based on Malwarbytes’ study. The cybercriminals then inserted one line of code from a domain with a name similar to the official Playback Now website, specifically playbacknows.com, which they registered just a few weeks ago, that fetched malicious JavaScript.

According to news, the affected websites were powered by Magento version 1, which is no longer supported. This obsolete version of the platform also drives tens of thousands of e-commerce websites.

In what the company described as the biggest ever skimming operation, digital skimming security solutions provider Sansec announced last month that hundreds of Magento stores were hacked daily.

At the time, the firm said the perpetrators may have used a new hack that had been marketed for $5,000. In this attack, the vulnerability, which enables users to access Magento 1 websites, may have also been used, probably by the same party that Sansec monitored.

It submitted its results to Playback Now, Malwarebytes said, although it is uncertain whether any action has been taken.

Mark Funk
Mark Funk is an experienced information security specialist who works with enterprises to mature and improve their enterprise security programs. Previously, he worked as a security news reporter.