Card-stealing code that pwned British Airways, Ticketmaster pops up on more sites via hacked JS

Card-stealing code that pwned British Airways, Ticketmaster pops up on more sites via hacked JS

6 years ago
Anonymous $oIHRkISgaL

https://www.theregister.co.uk/2018/09/12/feedify_magecart_javascript_library_hacked/

A Javascript library hosted by Feedify and used by e-commerce websites globally has been repeatedly infected this week to potentially siphon off countless victims' bank card details to crooks.

The library code is typically embedded into retail webpages by site administrators and developers to add a means for shoppers to leave customer feedback. That code – feedbackembad-min-1.0.js – is served from Feedify's web servers, and has been repeatedly tampered with by hackers to include the MageCart malware. This malicious software seeks out credit card details entered on the compromised webpages, and phones them home to an outside server controlled by fraudsters.

Card-stealing code that pwned British Airways, Ticketmaster pops up on more sites via hacked JS

Sep 12, 2018, 10:15pm UTC
https://www.theregister.co.uk/2018/09/12/feedify_magecart_javascript_library_hacked/ > A Javascript library hosted by Feedify and used by e-commerce websites globally has been repeatedly infected this week to potentially siphon off countless victims' bank card details to crooks. > The library code is typically embedded into retail webpages by site administrators and developers to add a means for shoppers to leave customer feedback. That code – feedbackembad-min-1.0.js – is served from Feedify's web servers, and has been repeatedly tampered with by hackers to include the MageCart malware. This malicious software seeks out credit card details entered on the compromised webpages, and phones them home to an outside server controlled by fraudsters.