A website gathering donations for the victims of the wildfires in Australia has been hit by a credential-skimming attack, placing the payment information of donors at risk. The attack, identified as the work of Magecart, injected the ATMZOW skimmer into the charity's website code, grabbed payment information, and forwarded it to a third-party destination with an obfuscated web address.
According to the research team at MalwareBytes, which discovered the compromise, the destination server has now been taken offline, though the skimmer code is still present on the site. A researcher from Bad Packets Report noted that the same skimmer code is currently in place on 39 additional websites.
For more, read here.
Check out The Edge, Dark Reading's new section for features, threat data, and in-depth perspectives. Today's top story: "6 Unique InfoSec Metrics CISOs Should Track in 2020."