(Credit: Macrovector/Shutterstock)

While buying things on the Internet has steadily gotten more secure over the years, some hackers have been fighting that much harder to intercept your payment info and use it for themselves. Cybersecurity firm RiskIQ reports that a group called Magecart has just performed another such attack, this time on customer review aggregator Shopper Approved.

When RiskIQ first reported on this phenomenon in July, it said ominously, "[W]e discovered that this was not a one-off event as initially reported, but part of a massive digital credit card-skimming campaign by the threat group Magecart affecting over 800 e-commerce sites around the world." Targets have included Ticketmaster, British Airways, and Newegg.

SEE: 50 million Facebook accounts got hacked, and Facebook doesn't appear to know why

The latest attack centered on Shopper Approved, a paid service that collects customer reviews and packages them for clients, among other things. Magecart inserted some malicious JavaScript programming code into this service's transaction processing system, apparently with the intent of collecting credit card payment info.

RiskIQ's "Threat Researcher" Yonathan Klijnsma says, "Early on the morning of September 15th, RiskIQ received an incident notification regarding Magecart. Although we're notified hourly, this domain (and affected URL) caught our eye."

According to Klijnsma, this attack was particularly interesting because the hackers briefly made the mistake of pasting in all the raw programming code that executes the skim operation, rather than masking it with a technique called code obfuscation. RiskIQ captured the raw code and is doubtlessly going over it with a fine-toothed comb. It also contacted Shopper Approved to help it with remediation (the process of fixing a security breach).

FOLLOW Download.com on Twitter for all the latest app news.

Thankfully, Klijnsma was able to determine that the damage was limited for a number of reasons. One, digital shopping carts are starting to block third-party JavaScript from loading on those sections of their websites. Two, "Most Shopper Approved clients did not have the impacted script on their actual checkout pages." And three, the malicious code was aimed at a narrow range of keywords located in a website's URL.

Klijnsma also notes that CDNs (content delivery networks) may cause issues. With a CDN, a third party basically makes a copy of your website (with your approval) and stores it on servers at another physical location, in case your site gets hit with a level of traffic that it can't handle -- or in case the CDN can provide better geographical proximity for the site visitor, which helps with things like video streams and online gaming.

CDNs operate more or less invisibly to the user, because the URL doesn't change, only the physical location of the site's servers. And CDNs store their site copies in what's called a cache -- but these caches may not be updated frequently. If that's the case, someone may go to your site cached in a CDN and see the older version of it that contains malicious code inserted by someone else.

Because of this, RiskIQ recommends that affected websites clear all their CDN caches in the event of a breach like this one.

Klijnsma adds, "Word to the wise: If you own an e-commerce company, it's a best practice to remove the third-party code from your checkout pages whenever possible."


  • Cybersecurity firm RiskIQ reports that a group called Magecart has just performed a credit card skimming attack on customer review aggregator Shopper Approved.
  • Thankfully, the attack appears to have been limited in scope and spotted fairly quickly. However, this is one of an increasing number of ambitious attacks on online shopping cart systems -- targets have included Ticketmaster, British Airways, and Newegg.

Also see

Tom McNamara is a Senior Editor for CNET's Download.com. He mainly covers Windows, mobile and desktop security, games, Google, streaming services, and social media. Tom was also an editor at Maximum PC and IGN, and his work has appeared on CNET, PC Gamer, MSN.com, and Salon.com. He's also unreasonably proud that he's kept the same phone for more than two years.