The Magecart credit-card-skimming malware that is the bane of internet shoppers has been spotted again, this time on the Forbes magazine subscription website.
“If you want to subscribe to the paper version with a credit card then that’s where you have to go,” Mursch, chief research officer of Bad Packets, told The Register on Wednesday. “That’s the reason, in my opinion, why they infected that part of the site.”
⚠️ WARNING ⚠️@Forbes Magazine subscription website (https://t.co/VqCahQHj9X) is infected with #magecart malware.— Bad Packets Report (@bad_packets) May 15, 2019
Exfil domain: fontsawesome[.]gq (🇧🇬)@urlscanio results: https://t.co/Su3ziLZd3w
Deobfuscated code: https://t.co/jb0ULmq0Et pic.twitter.com/zlRGZ5k2hE
The researcher tried to alert Forbes to the Magecart infection on numerous email addresses, even trying security at forbes dot com which turned out to be unavailable. He also reported the problem to the domain owner, and has yet to hear anything back from Forbes.
A Forbes spokesperson told El Reg on Wednesday night that, at this stage, it doesn’t appear the crooks got anyone’s credit card information, though an investigation is ongoing. Nevertheless, recent subscribers should check their credit card statements for signs of fraudulent use, as should everyone these days, frankly.
Ticketmaster breach 'part of massive bank card slurping campaign'READ MORE
Forbes is a customer of Picreel, and what seems to have happened is that enough info escaped the marketing biz’s servers to allow the installation of the Magecart software on the Forbes subscription dotcom. Picreel’s other 1,200 customers may also be at risk, and you can check out a list of affected domains right here.
Magecart, which first surfaced in 2015, has been causing massive headaches for online traders. British banks were forced to replace 40,000 cards after Ticketmaster picked up a Magecart infection, British Airways was struck down, and online retailer Newegg was hit with the card-gobbling code in the past year. ®