The infamous Magecart card skimming hack has been used to make life miserable for college students. Trend Micro has discovered that a hacking group, currently nicknamed Mirrorthief, relied on the scripting technique to steal card data from 201 online campus stores across the US and Canada on April 14th. The group slipped its scripts into the checkout pages of the sites (all created by a common developer, PrismRBS) to harvest full card details, names, addresses and phone numbers. The number of people affected by the heist isn’t yet clear.
The perpetrators appear to be unique among Magecart-using groups at this stage. Not only do they share little in common with other groups, they also crafted their attack specifically with PrismRBS’ software in mind. There might even be a custom receiver system instead of the ready-made skimming kits popular among cybercriminals.
PrismRBS said it had learned of the breach on April 26th and “immediately” reacted, including efforts to stop the attack, launch an investigation and contact customers as well as law enforcement and payment card providers. It’s promising to bolster the security of its platform and conduct a “comprehensive end-to-end audit.”
There are tools that can block the scripts and the internet domains used for remote data theft. The challenge, as is often the case, is getting companies to adopt them. Even if their payment software is up to date, they might not be aware of the possibility of card-skimming hacks or have security tools to thwart them. And when the attacks can be highly effective, there’s plenty of incentive for crooks to find these soft targets.