Researcher find nearly 1000 websites with web skimmers to steal payment card data


Researcher finds 1,236 websites infected with credit card stealers

How would you feel if you visited a website and found the next day that your credit card has been charged fraudulently? This happened because you visited a website that has a Web Skimmer, E-Skimmer, or MageCart installed in it to steal your payment card details. We had recently exposed how a hacker group was stealing payment card information hiding a Web Skimmer in the websites Favicon. It seems there are nearly 1000 websites that have such web skimmers of MageCarts installed to steal your payment data.

A security researcher researching about MageCart has found nearly 1236 websites that have such web skimmers installed. The security researcher Max Kersten was able to compile a list of 1,236 domains that were hit by a web skimmer hosted on an external domain.

What is Web Skimming?

Web Skimming also called e-skimming or a Magecart attack is a process in which hackers breach websites and hide malicious code on its webpages. The code activates itself when any customer users a Credit or Debit Card to make payment. The code steals the steals payment card details as soon as the victim enters them in checkout forms. The code then relays the stolen payment card details to the command and control center of the hackers.

Web skimming attacks were first noticed in 2016 and as the years have passed the web skimming attacks have gotten more innovative. The U.S. Federal Bureau of Investigation (FBI) has already issued a warning in October 2019 to US etailers and online operators about e-skimming attacks or Magecart attacks.

Malwarebytes today published a a report which details such an innovative web skimming operation carried out by a group of hackers. Malwarebytes discovered this group while investigating a series of strange hacks, where the only thing modified on the hacked sites was the favicon. Favicons are the website logos that open when you visit on any website.

In the past year, researchers have found that big websites like British Airways, Ticketmaster, OXO, Newegg have been infected with the MageCart malware designed to steal payment card information. Since then, automated systems tuned specifically to detect this type of threat found hundreds of thousands of websites that on checkout pages malicious JavaScript designed to steal card data from shoppers.

Max started his journey into researching web skimmers with free tools available online. During his research, he found a sum total of 1236 websites infected with such web skimmers. Kersten found affected domains by using a scanner he made to parse and store results from’s API and several rules that detected the malicious JavaScript. He then removed incorrect and double entries and subdomains that would have affected the final set of unique domains.

Based on Kersten’s research, the country with the most shops impacted by MageCart is the U.S. with 303 infections, while individual countries in Europe seem to be the least affected, as the U.K. is in the lead with just 68 websites. India figures high on the list with 79 infected websites. You can read the full details of his research on his blog post here.


About Author

"The Internet is the first thing that humanity has built that humanity doesn't understand, the largest experiment in anarchy that we have ever had." Eric Schmidt

Notify of
Inline Feedbacks
View all comments