Home Hacking British Airways Data Breach Was Carried Out By MageCart Crime Gang

British Airways Data Breach Was Carried Out By MageCart Crime Gang

3 min read
0
0

British Airways Data Breach Was Carried Out By MageCart Crime Gang

The researchers at RiskIQ have stated that the British Airways data breach was conducted by the crime gang MageCart. The group has been active since 2015 and has been compromising many e-commerce websites to steal payment card and other sensitive data. The group usually insert a skimmer script to the target websites to extract payment card data and when the attackers are succeeded in compromising the website the script will automatically add an embedded piece of JavaScript Code dubbed MagentoCore.

What Does The Malicious Script Do?

The script records the keystrokes from the users and transfers the keystrokes to the attacker’s server and mostly these hackers try to compromise the third-party features which allows them to access a large number of website.

RiskIQ reported that MageCart has carried out the attack on British Airways using a customized script that runs under the radar and the group has also used a dedicated infrastructure to take perform the attack on the airline company.

When And Where Did The Experts Find The Malicious Script?

After the experts had analyzed all the loaded scripts in the website they have noticed some changes in the Modernize JavaScript Library as the attackers have added some lines of code at the bottom of the library to avoid causing harm to the script and the JavaScript library was modified on Aug 21st 20:49 GMT.

The malicious script was loaded from the baggage claim information page on the British Airways website. The code attached by the threat actors sends the payment information to the attacker’s server when the customer enters his payment credentials in the British Airways webpage.

The information stolen from the British Airways was sent in the form of JSON to a server running on baways.com that matches the legitimate domain used by the airline. At the time it is still unclear how MageCart managed to inject the malicious code in the British Airways website.

Load More Related Articles
Load More In Hacking

Leave a Reply

Your email address will not be published. Required fields are marked *

Check Also

New Cold Boot Attacks Can Evade Current Mitigations

New Cold Boot Attacks Can Evade Current Mitigations Many people tend to put laptops to ‘Sl…