With just one line of code, hackers can get your credit card data from E-Commerce sites

One line of malicious code is all it takes to affect e-commerce sites and steal payment card data from customers.

Cybersecurity researchers are reporting a new and simple cyberattack that can be used to steal your bank card. This simple and powerful trick is based on a new JavaScript sniffer that is very similar to the malware used in the Magecart which affected over 800 sites, researchers say.

It was discovered that at least seven e-commerce sites were affected. Six from the US and one from the United Kingdom. Security vendor Group-IB, which uncovered the attacks, identified the malicious code as a new JavaScript sniffer (JS sniffer) that it has named GMO.

The affected sites by the JavaScript sniffer named GMO are forshaw.com, absolutenewyork.com, cajungrocer.com, getrxd.com, jungleeny.com, and sharbor.com and fila.co.uk. The implications of this JS stealer are huge considering that these sites have around 350,000 monthly visitors.

Remember everything can be hacked. In order to stay away from any threats related to the cyber world, we recommend the install of antivirus for Windows or antivirus for Mac on every device that you own, depending on which OS your device is running. If you are a company, it is also recommended to hire every year a specialized cybersecurity company that will run annual tests on your company’s network. These tests include penetration testing and ethical hacking tests;

During a malware analysis, it was found that GMO is part of a family of JS sniffers that are used against on e-commerce sites based on the Magento content management system.

Every internet user should know that there are at least 38 known families of JS sniffers, up in the wild; and each of them is designed to steal credit card data and credentials from online stores.
Hackers modus operandi: They inject the card-stealing code into the sites via an unknown vulnerability in Magento or by compromising the credentials on the website administrator.

After the initial compromise is “installed” the one-line code that downloads the JS sniffer. The sniffer then intercepts any credit card data that is entered into the page, puts the data it into local storage, and then sends it to hacker’s C&C server.

This card stealing campaign is very similar to the one that affected 800 e-commerce sites that were using Magecart, including Ticketmaster UK.
Cybersecurity specialist warns that this type of cyber attacks are very dangerous because hackers can easily adapt every one of it for use against an e-commerce site.

JavaScrip sniffers, despite their simplicity, are extremely dangerous, because such tools can be used to steal data on thousands of customers. They must be taken seriously because if underestimated, this cyberattacks can create additional risks for the customer.

The fact that GMO JS sniffer malware appears to be relatively new shows very well that hackers are constantly evolving their methods and find new ones. It is known that there are multiple other groups using distinct families of JS Sniffers targeting online stores.e characteristics, some of which are multipurpose and others specific that are designed to target particular sites.

We would continue to monitor this cybersecurity problem. Meanwhile, users should keep a keen eye out for any cyber attacks. Remember to use an antivirus for Windows or antivirus for Mac in every device that you own, depending on which OS your machine is running, If you are a company we recommend to hire every year a specialized cybersecurity company that will run annual tests on your company’s network, tests like this include: penetration testing and ethical hacking.