Recently, researchers found the MageCart attack on a donation site set up for the Australia bushfire donation. While the site is legit, the donors unwittingly fell prey to credit card skimming.
Researchers from the Malwarebytes Labs have found an Australia Bushfire donation website under the MageCart attack. This incident exposed donor credit card details to the attackers behind the skimmer.
According to BleepingComputer, the researchers found a legitimate donation collection website for the Australia bushfire under a credit-card skimming attack. They noticed a malicious skimmer ‘ATMZOW’ script running on the checkout page of the website.
Digging further into the code it was revealed that the script pilfered donor’s payment information from the checkout page. It then submitted the data to a domain vamberlo.com obfuscated in the script.
According to Troy Mursch, the same script affected 39 other websites as well. However, it isn’t clear whether the script utilized the same domain as that of the bushfire donation site.
Upon noticing the domain containing the malicious script, researchers managed to get the domain vamberlo.com shut down.