A massive Magecart e-skimmer campaign has siphoned off the payment records of hundreds of restaurants by attacking their online payment platforms. Targets include MenuDrive, Harbortouch, and InTouchPOS, according to a new advisory.
So far, according to researchers at Insikt Group, Recorded Future's threat research division, Magecart attackers have posted more than 50,000 stolen order payment records from at least 311 restaurants — and they're offering them for sale on the underground Web. Researchers warn they expect that number to rise.
The report added that the compromised records include payment card data, as well as billing and contact details.
The three platforms in question are a departure from Magecart's usual target, the Magento e-commerce platform. During the pandemic, many local restaurants rushed to implement online ordering and payment, and they may not be paying attention to patching vulnerabilities or shoring up security in general for their new lines of business.
"Cybercriminals often seek the highest payout for the least amount of work," the Tuesday Magecart campaign report said. "This has led them to target restaurants' online ordering platforms; when even a single platform is attacked, dozens or even hundreds of restaurants can have their transactions compromised, which allows cybercriminals to steal vast amounts of customer payment card data disproportionate to the number of systems they actually hack."