Magecart Attack
What is Magecart Attack?
A category of digital-skimming attacks in which criminals inject malicious JavaScript into e-commerce checkout pages to steal payment-card data as customers enter it.
Magecart is an umbrella name coined by RiskIQ for a number of criminal groups that specialise in client-side skimming of online stores (the name comes from Magento, the platform many early victims ran). The attacker compromises something that is allowed to place JavaScript on the checkout page: the Magento admin, a third-party tag or chatbot, a CDN, a writable S3 bucket, or an analytics script. The injected code hooks the payment form, reads the card number, expiry, CVV and billing fields as the customer types or submits them, and sends them to an attacker-controlled domain, often one named to look like a legitimate CDN or analytics host. Because the skimmer runs in the customer's browser, the merchant's server-side controls and the payment processor never see it; the transaction completes normally, so the skimmer can persist unnoticed. Notable victims include British Airways (2018, roughly 380,000 card transactions), Ticketmaster, Newegg, and many Magento, WooCommerce and Shopify stores. Defences combine a strict Content Security Policy (hash- or nonce-based script-src, plus connect-src and img-src to block exfiltration destinations), Subresource Integrity on third-party scripts, continuous monitoring of the scripts actually loaded on payment pages, and PCI DSS v4.0 requirements 6.4.3 (inventory, authorisation and integrity of payment-page scripts) and 11.6.1 (change- and tamper-detection on payment pages).
● Examples
- 01
British Airways 2018: attackers added 22 lines of skimming code to the copy of the Modernizr JavaScript library served from BA's own site, capturing card data from roughly 380,000 transactions on the website and mobile app and sending it to a look-alike domain.
- 02
Ticketmaster 2018: a customised chatbot script supplied by the third-party vendor Inbenta was modified on the vendor's side and, because it was loaded on Ticketmaster's payment pages, leaked customer payment data; a supply-chain compromise rather than a breach of Ticketmaster's own servers.
● Frequently asked questions
What is Magecart Attack?
A category of digital-skimming attacks in which criminals inject malicious JavaScript into e-commerce checkout pages to steal payment-card data as customers enter it. It belongs to the Attacks & Threats category of cybersecurity.
What does Magecart Attack mean?
A category of digital-skimming attacks in which criminals inject malicious JavaScript into e-commerce checkout pages to steal payment-card data as customers enter it.
How does Magecart Attack work?
The attacker first obtains a way to place JavaScript on the checkout page, either directly (a compromised Magento admin account, an unpatched extension, a writable S3 bucket or CDN origin) or indirectly through a third-party script the page already trusts (a tag manager, chatbot, analytics or A/B-testing library). The injected skimmer then hooks the payment form, typically by listening for the submit event or polling the input fields, serialises the card number, expiry, CVV and billing details, and exfiltrates them to an attacker-controlled domain using an image request, fetch or WebSocket. The legitimate checkout still completes, so neither the customer nor the merchant sees an error, and because everything happens in the browser the merchant's server logs and the payment processor contain no trace of it.
How do you defend against Magecart Attack?
Defences for Magecart Attack combine technical controls and operational practices: a strict Content Security Policy that allows only hashed or nonced scripts and restricts connect-src and img-src so stolen data cannot be posted to arbitrary hosts; Subresource Integrity on every third-party script; keeping the number of third-party scripts on payment pages to a minimum; hosting the card fields in an iframe served by the payment service provider so the merchant page never handles the PAN (noting that skimmers can still overlay a fake form); hardening the platform itself (patching Magento and its extensions, MFA on admin accounts, no world-writable buckets); and, as PCI DSS v4.0 requirements 6.4.3 and 11.6.1 require, maintaining an authorised inventory of payment-page scripts and running change- and tamper-detection that alerts when the scripts actually delivered to the browser differ from that baseline.
What are other names for Magecart Attack?
Common alternative names include: Web skimming, Digital skimming.
● Related terms
- attacks№ 1229
Web Skimmer / E-Skimming
Malicious code injected into a website that steals payment-card or personal data as customers type it into the page.
- attacks№ 431
Formjacking
An attack in which malicious JavaScript intercepts form submissions in a victim's browser and sends the entered data to a server controlled by the attacker.
- attacks№ 1116
Supply Chain Attack
An attack that compromises a trusted third-party software, hardware, or service provider in order to reach its downstream customers.
- attacks№ 240
Cross-Site Scripting (XSS)
A web vulnerability that allows attackers to inject malicious scripts into pages viewed by other users, executing in the victim's browser under the site's origin.
- compliance№ 807
PCI DSS
A global information-security standard for organizations that store, process, or transmit payment card data, maintained by the PCI Security Standards Council.