The ticket reselling sites olympictickets2020.com and eurotickets2020.com reportedly have been compromised with Magecart POS skimming malware.
first spotted on the two sites, which deal in tickets for the upcoming 2020
Tokyo Olympics and UEFA Euro 2020, and were detailed in late January by researchers
Kersten and RiskIQ took the additional step of attributing this attack to Magecart
obfuscation and skimming code we observed on opendoorcdn.com matches that used
by Magecart Group 12, whose skimmer and obfuscation techniques we analyzed in
our blog posts. However, there are differences in the techniques employed by
Group 12 in these more recent compromises, which we’ll break down here,” RiskIQ
employs base64 encoded checks against the URL looking for the word “checkout”
to identify the proper page on which to load their skimmer code. This encoding
masked both the check itself and the skimmer URL, RiskIQ said.
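A defender reviewing site scripts can undo this kind of masking by decoding every base64-looking string literal and checking what it says. The following is an added example, not code from RiskIQ or the researchers; `findEncodedIndicators`, the sample script and the `cdn.example.invalid` hostname are constructed for illustration.

```javascript
// Added example: flag base64 string literals in a script that decode to the
// word "checkout" or to a URL. All sample values below are constructed.

const enc = (s) => Buffer.from(s, "utf8").toString("base64");

// Constructed sample standing in for a library with extra lines appended.
const SAMPLE = [
  'var label = "Continue";',                 // plain word that fits the base64 alphabet
  `var caption = "${enc("Buy tickets")}";`,  // base64, but decodes to harmless text
  `var k = "${enc("checkout")}";`,           // encoded page-check keyword
  `var u = "${enc("https://cdn.example.invalid/lib.js")}";`, // encoded URL
].join("\n");

const LITERAL = /(["'`])([A-Za-z0-9+\/]{8,}={0,2})\1/g;
const PRINTABLE = /^[\x20-\x7e]+$/;
const URLISH = /^(https?:)?\/\/[a-z0-9.-]+\.[a-z]{2,}/i;

function findEncodedIndicators(source) {
  const hits = [];
  for (const m of source.matchAll(LITERAL)) {
    const literal = m[2];
    if (literal.length % 4 !== 0) continue;   // not well-formed base64
    const decoded = Buffer.from(literal, "base64").toString("latin1");
    if (!PRINTABLE.test(decoded)) continue;   // decodes to binary: an ordinary word
    let reason = null;
    if (/checkout/i.test(decoded)) reason = "page-check keyword";
    else if (URLISH.test(decoded)) reason = "encoded URL";
    if (reason) hits.push({ literal, decoded, reason });
  }
  return hits;
}

// Report each suspicious literal with its decoded value.
for (const h of findEncodedIndicators(SAMPLE)) {
  console.log(`${h.reason}: "${h.literal}" -> ${h.decoded}`);
}
```

A hit is a prompt for manual review of the surrounding code, since legitimate scripts also carry base64 strings.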
to look at the ticket sites based on a suspicion Pemental had when he “stumbled”
and found a small description with the code where he found that an existing
case, the library was hosted on the targeted site itself. There is no
information as to how the malicious code got appended to the library,” Kersten
researchers contacted the site’s host company prior to going public and sent an
email to its customer support firm. The company did take a look, but at first
glance did not find the malware. Pemental then contacted them again with
further details but received no response. Then on January 21 the pair saw that
the malicious code was gone, indicating the company had heeded their warning.
purchased tickets through these two sites going back at least 50 days could be
at risk and should check that their payment cards have not been compromised,