One of the Magecart cybercriminal groups is testing a new method for grabbing users’ credit card info: malicious skimming code that can be loaded into files used by L7 routers.
What is Magecart?
- Compromising individual e-commerce sites
- Compromising third-party sources of scripts that online shop owners use to add various functionalities or serve ads
- Compromising cloud storage that is used to serve websites’ static content.
A novel approach
A thorough analysis of those files lead them to believe that the group is working on code that will allow them to target and compromise layer 7 routers.
L7 routers are commercial grade routers, typically used by airports, hotels, casinos, malls and similar establishments and organizations, to deliver wireless connectivity to a great number of users.
They usually lead to “captive portals” and require users to sign in (or pay) to use the service. Most importantly, though, these routers can manipulate traffic (mostly to serve ads) and, apparently, this is how MG5 plans to inject their malicious skimming scripts into users’ browsers sessions.
“That open source code is provided as a free, MIT licensed tool designed to provide swiping features on mobile devices. By infecting that code at its source, MG5 can infect and compromise all the apps that incorporate that module into their code and steal data from users who eventually download the booby-trapped apps,” they explained.
What can we do about it?
Avoiding Magecart groups’ payment card skimming code is getting more difficult as time passes. Apart from giving up on online shopping, there’s not much consumers can do to prevent falling victim to router-level skimming or skimming via compromised libraries and apps.
Online merchants, on the other hand, can do something: they can avoid insecure third-party code, implement code/file integrity checks for third-party scripts, use strong Content Security Policies, allow only vetted scripts to access payment data, and so on.
App developers should carefully vet the open source code they mean to include in their offerings.