Over 2 million websites are now infected with Magecart, malware that allows thieves to steal credit card information, according to a RiskIQ report released Friday.
Why it matters: Magecart has become one of the most prolific threats to steal credit card information online. "2 million is a big number, and only getting bigger," Jordan Herman, a researcher at RiskIQ, told Axios via email.
Background: Magecart has ensnared some of the largest websites in credit card breaches, including Ticketmaster and British Airways.
- It is often installed into the code running websites on misconfigured Amazon cloud servers using automated software that finds the cloud accounts and inserts that malicious code.
- RiskIQ recommends, whenever possible, consumers use off-site mechanisms to pay for website goods — like Apple Pay, PayPal or other established trustworthy systems.