Hacker groups engaged in web skimming attacks (also known as Magecart) have infiltrated the online stores of two of the world’s largest retail chains: accessories store Claire’s and sporting goods retailer Intersport.
According to reports released today by security firms Sanguine Security and ESET, hackers infiltrated the websites of the two companies and concealed malicious code that would record payment card information entered in checkout forms.
Claire’s and Icing
According to Willem de Groot of Sanguine Security, the Claire’s website was compromised between 25th and 30th April, as was its sister site Icing.
“The inserted code would intercept any customer information entered during checkout and send it to the claires-assets.com server,” de Groot wrote today in a report shared with ZDNet. The claires-assets.com domain had been registered by the attackers four weeks earlier for the purpose of carrying out this attack.
De Groot said that, at the time of the attack, he contacted Claire’s management, and the firm removed the malicious code from its site.
Claire’s and Icing customers who shopped online during the above-mentioned interval are advised to keep an eye on their card statements for unauthorized transactions, lock their cards, and work with their banks if they find anything suspicious.
Antivirus maker ESET also detailed a similar incident today, impacting the website of Intersport, one of Europe’s largest sporting goods retail chains, with more than 5,800 stores across the continent.
The skimmer was not loaded on all versions of the Intersport website, but only on the local versions serving clients in Croatia, Serbia, Slovenia, Montenegro and Bosnia and Herzegovina.
Another greedy #Magecart campaign found by #ESETresearch – this time in Balkans. Crooks were trying to skim credit cards of #Intersport e-shoppers in #Croatia, #Serbia, #Slovenia, #Montenegro, #BosniaandHerzegovina. 🇭🇷 🇷🇸 🇸🇮 🇲🇪 🇧🇦 @OndrashMachula 1/2 pic.twitter.com/m7leaNcgQN
— ESET research (@ESETresearch) June 15, 2020
Although ESET said Intersport responded and removed the malicious code from its website within hours of being alerted, ESET did not provide an attack timeline, that is, the dates between which the stores were compromised. Cybersguards is still working on getting the numbers, and we will publish them here so users can verify whether they shopped on the Intersport websites at the time of the hack.
However, the number of users affected is believed to be larger than usual in both cases.
Both the Claire’s and Intersport cases happened during the coronavirus (COVID-19) pandemic, when most retail stores were closed and the companies redirected consumers to their websites for purchases.