Puma Australia Hit With Credit Card Hack Malware
Sophisticated malware was planted by hackers on Puma Australia’s website, with the intention to steal customer’s credit card information at checkout, a security researcher found.
A suspicious code tucked away on Puma Australia’s page containing a script that logged people’s credit card numbers, names, and addresses when they typed them in on the website. The code sent victims’ data over to a server registered in Ukraine, said Willem de Groot, Sanguine Security forensic analyst.
To a request for comment, Puma didn’t immediately respond when the security researcher notified them about this attack.
The skimming campaign is made up of multiple hacking groups, and Puma is the latest in a long line of businesses hit with credit card skimming malware. A massive hacking operation is targeting online shops connected to Magecart.
This is the kind of malware that goes after popular websites with vulnerabilities. The earlier victims include the Atlanta Hawks, British Airways, and NewEgg, among many other businesses targeted by Magecart over the past few years.
“The single largest problem with Magecart is that consumers have absolutely no way to know that they got skimmed until it’s too late and that merchants lack the tools to properly deal with this,” de Groot said.
Puma is one of the top sportswear brands in the world, with sales reaching $4 billion in 2018, according to financial reports. In the last year, Puma saw major growth in the Asia/Pacific region, where its Australian team operates.
Puma’s popularity as a worldwide brand makes it a prime target for Magecart attackers. De Groot said he found the malware through a detection tool he developed, which finds Magecart code embedded on hundreds of stores a day.
The security researcher de Groot said, “The skimmer found on Puma Australia’s website was one of the most sophisticated ones he had seen yet.”
This skimmer was able to camouflage itself by using typical code like “optEmbed” and “selectDuration.” Typically, skimmers have to be specifically tailored for the payment system it’s targeting, but de Groot found that this skimmer on Puma Australia’s website was a jack of all trades.
He said he’s found 77 other stores online with this new kind of skimmer from Magecart. It supports payment systems across the world, indicating a collaborative effort between hackers internationally.
“It has adapters for over 50 payment gateways, which means that the owner can deploy it quickly to newly hacked stores,” de Groot said in a message. “It clearly took a massive effort to build support for all these payment systems.”
Julia Sowells960 Posts
Julia Sowells has been a technology and security professional. For a decade of experience in technology, she has worked on dozens of large-scale enterprise security projects, and even writing technical articles and has worked as a technical editor for Rural Press Magazine. She now lives and works in New York, where she maintains her own consulting firm with her role as security consultant while continuing to write for Hacker Combat in her limited spare time.