Hackers hit NutriBullet website with credit card-stealing malware

by Zack Whittaker
from Crunch Hype on (#50WAW)

Magecart hackers have struck again, this time targeting the NutriBullet website.

According to new research by security firm RiskIQ, hackers broke into the blender maker's website several times over the past two months, injected malicious credit card-skimming malware on its payment pages and siphoned off the credit card numbers and other personal data - like names, billing addresses, expiry dates and card verification values - of unsuspecting blender buyers.

The data was scraped and sent to a third-party server, operated by the attackers. The stolen credit card data is then sold to buyers on dark web marketplaces.

NutriBullet fought back each time by removing the malicious code. But RiskIQ said that the hackers still have access to the company's infrastructure, and that they targeted NutriBullet's website as recently as last week.

RiskIQ head of threat research Yonathan Klijnsma warned against using the site until the company "acknowledges our outreach and performs a cleanup."

NutriBullet's chief information officer Peter Huh confirmed the intrusions and that it had "launched forensic investigations" into the incident, and claimed it will "work closely with outside cybersecurity specialists to prevent further incursions," but did not name the outside firm.

Huh and a spokesperson declined to answer our questions, specifically whether customers would be notified of the security incident.

It's the latest attack by Magecart, a group of groups rather than a single entity of hackers, all of which have different motivations and targets but all of which use largely the same tactics and techniques. There are eight known Magecart groups focused on stealing credit card numbers for profit, according to Klijnsma.

Hackers associated with Magecart tactics have in the past few years hit Ticketmaster, British Airways, the American Cancer Society and consumer electronics giant Newegg.

With the help of security outfits AbuseCH and Shadowserver, RiskIQ began efforts to take down the malicious domain that the hackers were using to send stolen credit card numbers. But Klijnsma acknowledged that the group, still with access to NutriBullet's infrastructure, can keep spinning up new malicious domains and re-infecting the site with credit card-scraping malware.

"They're learning from past attacks to stay one step ahead," said Klijnsma. "It's on the security community to do the same."
