This article originally appeared in Information Security Buzz on January 19, 2019.
A new Magecart attack aimed at French advertising agency Adverline, has been discovered by RiskIQ. This new Magecart attack steals customer credit card details by compromising a content delivery network for ads so that any website loading the script from the ad agency’s ad tag would also be loading the digital skimmer at the same time.
Experts Comments below:
Mike Bittner, Digital Security and Operations Manager at The Media Trust:
“This new malware strain is just one more indication of how sophisticated and organized bad actors have become. It has not only affected the French ad agency, but at least two large digital ad technology vendors, who saw a malicious domain pop up in their payment pages, but were able to thwart the infection by continuously monitoring their digital ecosystem for unauthorized code and terminating the malware at its source. Other players along the supply chain should be just as vigilant, especially retail sites at the receiving end of infected ads and whose users will inevitably be affected. If EU consumer information is stolen, affected companies could face GDPR fines.”