Custom phone case online retailer compromised by Magecart theft group
UPDATE: On October 23rd, 2018, BroadAnalysis was contacted by the compromised site, which reported that the website had been cleaned of the malware.
skinit.com – COMPROMISED SITE
www.userlandit.com – POST /checkout/onepage/saveOrder/jNFmumMlOn5uuMCV – MAGECART EXFIL SITE
www.verifiedaccessrule.com – ADDITIONAL EXFIL SITE FOUND ON EARLIER RUN
IMAGES AND DETAILS:
The externally hosted script performs Magecart’s main data theft function and is obfuscated, with a large portion of it hex encoded.
Shown above: Credit card information being posted to www.userlandit.com/checkout/onepage/saveOrder/jNFmumMlOn5uuMCV over HTTPS, referred by the skinit shopping cart page hosted at www.skinit.com/checkout/onepage/
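The traffic pattern described above (a POST to a third-party host whose referer is the merchant's own checkout page) can be hunted for in request records. The following is an added detection example, not code from the original report. It assumes records from a TLS-inspecting proxy or a browser HAR export with `method`, `url` and `referer` fields; the allowlist entry and every sample record except the userlandit.com URL are constructed.

```python
from urllib.parse import urlsplit

MERCHANT_DOMAIN = "skinit.com"   # compromised site named in the report
CHECKOUT_PREFIX = "/checkout/"   # referer path seen in the report's capture
# Assumption: hosts the checkout is expected to POST to (hypothetical entry).
ALLOWED_POST_HOSTS = {"payments.example"}


def in_domain(host, domain):
    """Match the domain itself or a true subdomain, not a lookalike suffix."""
    host = (host or "").lower().rstrip(".")
    return host == domain or host.endswith("." + domain)


def is_suspect(rec):
    """POST from the merchant checkout page to a host outside the merchant."""
    if rec["method"].upper() != "POST":
        return False
    ref = urlsplit(rec.get("referer") or "")
    if not in_domain(ref.hostname, MERCHANT_DOMAIN):
        return False
    if not ref.path.startswith(CHECKOUT_PREFIX):
        return False
    dest = urlsplit(rec["url"]).hostname
    if in_domain(dest, MERCHANT_DOMAIN):
        return False
    return (dest or "").lower() not in ALLOWED_POST_HOSTS


def find_suspects(records):
    return [r["url"] for r in records if is_suspect(r)]


CHECKOUT = "https://www.skinit.com/checkout/onepage/"
# Constructed records; only the userlandit.com URL comes from the report.
SAMPLE = [
    {"method": "POST", "referer": CHECKOUT,
     "url": "https://www.skinit.com/checkout/onepage/saveOrder/"},
    {"method": "POST", "referer": CHECKOUT,
     "url": "https://www.userlandit.com/checkout/onepage/saveOrder/jNFmumMlOn5uuMCV"},
    {"method": "POST", "referer": CHECKOUT,
     "url": "https://payments.example/v1/charge"},
    {"method": "GET", "referer": CHECKOUT,
     "url": "https://cdn.example/lib.js"},
    {"method": "POST", "referer": "https://www.skinit.com/phone-cases",
     "url": "https://metrics.example/collect"},
    {"method": "POST", "referer": CHECKOUT,
     "url": "https://skinit.com.cdn.example/checkout/onepage/saveOrder/"},
]

if __name__ == "__main__":
    for url in find_suspects(SAMPLE):
        print("suspect checkout POST:", url)
```

The same condition expressed as a Content-Security-Policy `connect-src` and `form-action` allowlist on the checkout page would block the request in the browser rather than only detect it.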
MALICIOUS FILES ASSOCIATED WITH MAGECART: