"Magecart Cyberattack Targets NutriBullet Website"
Researchers from RiskIQ found that Magecart group 8 has been targeting Nutribullet.com, which is the website of the blender manufacturer, NutriBullet. The hacking group inserted a JavaScript web skimmer code and also an exfiltration domain targeting the website's checkout page, where customers input their payment information. The adversaries started trying to steal payment information on February 20th, and the malicious code was removed on March 17th. The attackers' exfiltration domain was taken down on March 1st so that the adversaries would not receive stolen information. However, then the adversaries replaced the skimmer and new exfiltration URL on the website on March 5th. The researchers then took down the new exfiltration domain again. On March 10th, the adversaries added a new skimmer but left the old exfiltration domain. Since the adversaries kept the old exfiltration domain that had already been taken down, this means the adversaries were not able to get any information after March 10th. As of right now, it is unknown if the adversaries were able to steal any credit card information during the time they were active.
Threatpost reports: "Magecart Cyberattack Targets NutriBullet Website"