ransomware

Smith & Wesson Hit With Magecart Campaign

Magecart: The American gun manufacturer Smith & Wesson had its online store compromised by an e-commerce website skimmer. Originally compromised on November 27, 2019, the skimmer was active until after Black Friday. The threat actor injected malicious JavaScript into the checkout page of the company to steal the credit card information that was entered into the website throughout the time it was active.
While investigating occurrences of newly registered domains, Sanguine Security’s Willem de Groot found that the same threat actor that was registering domains for their company was also registering look-alike domain names similar to Smith & Wesson’s domain. According to researchers, the script is not easy to see because it will load either a non-malicious script or a malicious script, depending on the IP address of the visitor to the site and the section of the website that was visited. Most likely this was done to avoid detection by automated services that watch for malicious JavaScript injects.
Analyst Note: Anyone who recently purchased products through the smith-wesson.com website should be vigilant in checking their credit card statements for any fraudulent transactions. At the time of this writing, Smith & Wesson had been contacted about the skimmer but did respond before the article was published. It is important to note for all online shoppers that just because the major shopping days have passed, shopping online leading up to Christmas is going to stay at an elevated rate.
error

Leave a Reply

Your email address will not be published. Required fields are marked *