Researchers estimate the gun manufacturer's website was compromised sometime before Black Friday.

Dark Reading Staff, Dark Reading

December 3, 2019

1 Min Read

A Magecart group has compromised the website of American gun manufacturer Smith & Wesson by injecting malicious code designed to lift customers' payment data at checkout.

The incident was found by Sanguine Security's Willem de Groot, who was investigating payment skimmers impersonating Sanguine Security's anti-skimming service. He found attackers were registering malicious domains named after Sanguine and using his name as the registrant.

These fake skimmers have been used on several high-profile stores, including Smith & Wesson, de Groot explains in a blog post. Not all of the malware impersonates the Sanguine domain name; however, the major skimmers share identical code and infrastructure. Smith & Wesson was hit with a skimmer on Nov. 27, he says, and it was present when he published on Dec. 2.

The skimmer on this website is "exceptionally sophisticated" and contains multiple levels of obfuscation, each rendering a new anonymous function to complicate debugging, de Groot says. Most of the site's script is benign, though the Magecart code appears on the checkout page for visitors who use a US-based IP address and non-Linux browser and who aren't on AWS. In these cases, the file size changes from 11KB to 20KB upon visiting the checkout page.

When someone under these conditions goes to the checkout page, they are shown a fake payment form. The details they submit are exfiltrated to a server controlled by attackers.

Read more details here.

Edgepromohorizontal.jpgCheck out The Edge, Dark Reading's new section for features, threat data, and in-depth perspectives. Today's top story: "A Cause You Care About Needs Your Cybersecurity Help."

About the Author(s)

Dark Reading Staff

Dark Reading

Dark Reading is a leading cybersecurity media site.

Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

You May Also Like


More Insights