Stealthy Magecart Campaign Hits E-commerce Sites with Malicious JavaScript to Steal Payment Data
In mid-September 2025 a Magecart-style skimming campaign emerged, targeting e-commerce websites to harvest shoppers' payment card data. "Magecart" is not a single crew but a label for client-side card-skimming attacks and the loosely affiliated groups that carry them out; the operators behind this campaign have not been publicly identified beyond that label.
The attacks relied on malicious JavaScript hosted on attacker-controlled domains such as [redacted_1], [redacted_2], [redacted_3], and [redacted_4]. Security researcher Himanshu Anand used passive DNS and infrastructure fingerprinting to pivot from the first observed domains and map the wider set of hosts the operators control.
The same skimmer code has been reused across several campaigns, with identical logic served from different domain names. The injected script blends into legitimate payment workflows, hooking form fields and event listeners so that card data is exfiltrated silently while the checkout continues to work normally.
More than a dozen active domains were identified, some masquerading as legitimate analytics or utility services. Anand mapped a cluster of related domains tied to the same infrastructure, showing that the operators sustain the infection pathway with long-lived hosting and recycle recognisable domain naming patterns over time.
The skimmer runs automatically as JavaScript in the shopper's browser once a compromised checkout page loads; no user interaction is required. The code observed in this campaign was heavily obfuscated to evade detection by security scanners and to frustrate analysis by incident responders.
The exfiltration logic transmits only card numbers that pass validity checks and are not known test numbers, which maximises the resale value of the stolen data. The script attaches event hooks to payment input fields such as the card number and billing address; when one fires, it packages the captured values in a FormData object and sends them to a remote server with XMLHttpRequest. A practical consequence for defenders: because known test card numbers are discarded, exercising a checkout with the standard test cards will not trigger exfiltration, so such tests cannot be relied on to surface this skimmer.
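The following is an added, Node-runnable example, not code from the campaign or from the researcher's report. It models the "valid, non-test cards only" gate the article attributes to the skimmer, then shows two defender-side checks: flagging outbound POSTs that carry a Luhn-valid card field to any host other than the payment processor, and checking whether a page's Content-Security-Policy `connect-src` would even let an XMLHttpRequest reach such a host. The DOM hooking and the real XHR are omitted because they need a browser; the processor host, field names, CSP string and request records are all constructed placeholders.

```javascript
// Added example (not the campaign's code). Hosts, field names, the CSP and
// the request records below are constructed placeholders.

// Test PANs that payment processors publish for sandbox use. A skimmer that
// drops these never exfiltrates during a synthetic checkout test.
const KNOWN_TEST_PANS = new Set([
  "4111111111111111", "4242424242424242", "5555555555554444",
  "378282246310005", "6011111111111117",
]);

// Luhn check: the cheapest way to tell a plausible card number from noise.
function luhnValid(pan) {
  const digits = String(pan).replace(/\D/g, "");
  if (digits.length < 12 || digits.length > 19) return false;
  let sum = 0;
  let double = false;
  for (let i = digits.length - 1; i >= 0; i--) {
    let d = digits.charCodeAt(i) - 48;
    if (double) { d *= 2; if (d > 9) d -= 9; }
    sum += d;
    double = !double;
  }
  return sum % 10 === 0;
}

// Skimmer-side gate as the article describes it: keep only Luhn-valid
// numbers that are not on the test list.
function worthExfiltrating(pan) {
  const digits = String(pan).replace(/\D/g, "");
  return luhnValid(digits) && !KNOWN_TEST_PANS.has(digits);
}

// Defender check 1: scan decoded outbound requests (as a proxy, browser
// extension or RUM agent would record them) for card-like fields posted
// anywhere other than the real payment processor (assumed host below).
const ALLOWED_PAYMENT_HOSTS = new Set(["checkout.example-psp.com"]);
const PAN_FIELD_NAME = /^(card|cc|pan)[_-]?(number|num|no)?$/i;

function flagSkimmerPosts(requests) {
  return requests.filter((req) => {
    if (req.method !== "POST") return false;
    if (ALLOWED_PAYMENT_HOSTS.has(new URL(req.url).host)) return false;
    return Object.entries(req.form).some(
      ([name, value]) => PAN_FIELD_NAME.test(name) && luhnValid(value),
    );
  });
}

// Defender check 2: would this page's CSP let an XMLHttpRequest reach
// `host`? connect-src governs XHR/fetch and falls back to default-src.
// Simplified matching: no scheme, port or path handling.
function cspAllowsConnect(policy, host, selfHost) {
  const directives = {};
  for (const part of policy.split(";")) {
    const [name, ...sources] = part.trim().split(/\s+/).filter(Boolean);
    if (name) directives[name] = sources;
  }
  const sources = directives["connect-src"] ?? directives["default-src"];
  if (!sources) return true; // no applicable directive: browser allows it
  return sources.some((src) => {
    if (src === "*") return true;
    if (src === "'self'") return host === selfHost;
    const pattern = src.replace(/^[a-z]+:\/\//i, "");
    if (pattern.startsWith("*.")) return host.endsWith(pattern.slice(1));
    return host === pattern;
  });
}

// Constructed sample: one legitimate tokenisation call, one skimmer-style
// post of the same card to a look-alike "analytics" host, and two benign
// requests to that host that carry no card data.
const SAMPLE_REQUESTS = [
  { method: "POST", url: "https://checkout.example-psp.com/v1/tokens",
    form: { card_number: "4916 0000 0000 0005", exp: "12/29" } },
  { method: "POST", url: "https://cdn-analytics.example.net/collect",
    form: { cc_num: "4916000000000005", billing_zip: "10001" } },
  { method: "POST", url: "https://cdn-analytics.example.net/collect",
    form: { event: "pageview" } },
  { method: "GET", url: "https://cdn-analytics.example.net/a.js", form: {} },
];

// Constructed policy for a shop at shop.example.com: XHR may only go to the
// page's own origin and the payment processor.
const SHOP_CSP =
  "default-src 'self'; script-src 'self'; connect-src 'self' https://checkout.example-psp.com";

if (typeof module !== "undefined" && require.main === module) {
  console.log(flagSkimmerPosts(SAMPLE_REQUESTS).map((r) => r.url));
  console.log(cspAllowsConnect(SHOP_CSP, "cdn-analytics.example.net", "shop.example.com"));
}
```

Run with `node skimmer-checks.js`: only the POST of a Luhn-valid card to the look-alike analytics host is flagged, and the sample CSP would have blocked that request before it left the browser. The first check is detection after the fact; the second is prevention, and is only as good as the allowlist, which is why a `connect-src` that includes `*` or a broad CDN wildcard gives a skimmer a free exfiltration channel.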
The campaign's infrastructure is primarily hosted on the IP address 45.61.136.141. E-commerce operators should treat that address and the associated domains as indicators of compromise, watch for unexpected scripts on checkout pages, and restrict which origins those pages may load code from and send data to.