Magecart Information Stealing Campaign

An advanced persistent threat group called Magecart has stolen personal data from users of hundreds of websites by compromising third-party components.

Threat ID:: CC-2544
Category:
Threat Severity:: Low
Threat Vector:
Published:: 18 July 2018 12:00 AM

Report a cyber attack: call 0300 303 5222 or email [email protected]

This content has been archived

This article no longer conforms to NHS Digital's standards for cyber alerts, and may contain outdated or inaccurate information. Use of this information contained in this page is at your own risk

Summary

An advanced persistent threat group called Magecart has stolen personal data from users of hundreds of websites by compromising third-party components.

Threat details

Magecart infected or replaced scripts belonging to suppliers of payment processing and analytics services. When users browse to websites that load these scripts, any information they entered could be stolen.

The obtained payment information has been fraudulently reused and sold to other criminals.

Remediation steps

Type	Step
	Ensure that websites do not reference any compromised scripts. Consider using the subresource integrity feature to avoid loading scripts that have changed unexpectedly.

Last edited: 17 February 2020 12:47 pm