[BreachExchange] European Skin Care Perricone websites Suffer Multiple MageCart Attacks Attribution link: https://latesthackingnews.com/2020/01/12/european-skin-care-perricone-websites-suffer-multiple-magecart-attacks/

[Destry Winant]

https://latesthackingnews.com/2020/01/12/european-skin-care-perricone-websites-suffer-multiple-magecart-attacks/

Furthering the list of MageCart victims, now emerges a European
skincare brand. It turns out that multiple Perricone websites suffered
MageCart attacks with at least one becoming a victim of the breach.

 MageCart Attacks On Perricone Websites Reportedly, the European
skincare brand Perricone has become the latest victim of card-data
theft. According to the researchers, the UK, Italy and German websites
of Perricone brand suffered separate MageCart attacks over the year.

While the attacks took place on all three websites, evidence revealed
that the MageCart successfully stole data from only one site. In fact,
since there were two different MageCart groups behind the attacks, it
seems only one of them actually succeeded.

Elaborating their findings in a blog post, Sam Jenkins of RapidSpike
revealed that the first attack happened in November 2018. However,
owing to a mistake in the code, the skimmer failed to load from the
malicious MageCart domain (js-react.com). Whereas, in November 2019, a
second hacking attack targeted Perricone websites, this time being
successful.

 In this attack, they not only registered a similar malicious domain
(perriconemd.me.uk) but also limited the skimmer to load on the
check-out page only. However, scratching the surface let the
researchers find out numerous other domains registered on the same
server that was found involved in Perricone attacks.

No Fix From Perricone Yet RapidSpike observed that the attacks might
have taken place by exploiting vulnerabilities in the Magento platform
backing the Perricone websites.

Upon finding the presence of malicious codes, RapidSpike informed
Perricone MD of the attacks. They also collaborated with them for
responsible disclosure.

However, according to Bleeping Computer, the malicious codes are still
present on the websites, though, might not be working for some
customers. Therefore, the customers who have made online purchases
with the brand should keep an eye on their payment card transactions.