Oct 4, 2019

Credit card-stealing Magecart malware now infects 2 million sites

Over 2 million websites are now infected with Magecart, malware that allows thieves to steal credit card information, according to a RiskIQ report released Friday.

Why it matters: Magecart has become one of the most prolific threats to steal credit card information online. "2 million is a big number, and only getting bigger," Jordan Herman, a researcher at RiskIQ, told Axios via email.

Background: Magecart has ensnared some of the largest websites in credit card breaches, including Ticketmaster and British Airways.

  • It is often installed into the code running websites on misconfigured Amazon cloud servers using automated software that finds the cloud accounts and inserts that malicious code.
  • RiskIQ recommends, whenever possible, consumers use off-site mechanisms to pay for website goods — like Apple Pay, PayPal or other established trustworthy systems.
Go deeper