Shopper Approved Hacked Cyber Gang Security Training

Magecart Cyber Gang Attacks Shopper Approved Plugin

Magecart is at it again, notorious for payment card stealing hacks and other online attacks. This time their victim is Shopper Approved.

Shopper Approved

Shopper Approved is a site that gathers local reviews, merchant reviews, and product reviews all on one site.  They are the latest victim of Magecart, notified by RiskIQ that something was off on September 17th.

“Fortunately, we were able to quickly detect and secure the code related to the incident. We also put additional security measures in place to help ensure that this doesn’t happen again,” Scott Brandley, CEO of Shopper Approved, says in a security alert on the company’s website. “After a thorough investigation, we were able to determine that only a very small percentage of our clients were involved, and we have already reached out to those clients directly in an effort to help them remediate any issues.”


According to RiskIQ, Magecart is an umbrella organization that is speculated to consist of six separate groups.  They specialize in digital skimmer software which refers to malicious code that gets implanted into a site and used to intercept a payment card data entered by a customer.

Previous Magecart attack schemes were carried out against Ticketmaster, British Airways, and Newegg.  This attack against Shopper Approved mimics Magecarts previous scams.

“Instead, it attempted to skim payment information from multiple online stores at once by compromising a widely used third party,” Yonathan Klijnsma, a threat researcher at RiskIQ.

RisqIQ and Shopper Approved said the hack was detected in its early stages, therefore the payment card skimmer code only appeared on “a small percentage of the checkout pages.”

Hacked Over the Weekend

Klijnsma says that the attack began on Saturday, September 15.  RiskIQ attempted to reach out to Shopper Approved  on that same day “via email, phone, and even LinkedIn to see if we could help provide them with information to remediate it.”

It has been suspected that the timing of the attack may have been planned to go on for as long as possible since Shopper Approved is only open from Monday to Friday. No one received RiskIQ’s tip until that following Monday, September 17th.

“On Monday, September 17th at 15:03:01 GMT [9:30 am Mountain Time] the skimmer code was removed from the site-seal script,” RiskIQ says. “Since then, we have been in frequent contact with Shopper Approved, which launched a full-scale internal investigation in addition to engaging a leading forensics firm to help find out exactly how this happened and who was affected.”

Shopper Approved CEO Brandley says in a statement: “RiskIQ helped significantly limit the impact caused by Magecart – and for that, we will be forever grateful.”

Hacking Third-Parties

According to RiskIQ, Magecart focuses “solely on compromising third parties – the supply chain of the web if you will,” noting that “with this MO their reach is very big.

Original Article Found Here.

  • 3