What Does The Malicious Script Do?
The script records the keystrokes from the users and transfers the keystrokes to the attacker’s server and mostly these hackers try to compromise the third-party features which allows them to access a large number of website.
RiskIQ reported that MageCart has carried out the attack on British Airways using a customized script that runs under the radar and the group has also used a dedicated infrastructure to take perform the attack on the airline company.
When And Where Did The Experts Find The Malicious Script?
The malicious script was loaded from the baggage claim information page on the British Airways website. The code attached by the threat actors sends the payment information to the attacker’s server when the customer enters his payment credentials in the British Airways webpage.
The information stolen from the British Airways was sent in the form of JSON to a server running on baways.com that matches the legitimate domain used by the airline. At the time it is still unclear how MageCart managed to inject the malicious code in the British Airways website.