Tupperware famously locks in food’s freshness, but hackers could not be locked out of the company’s e-commerce site. The primary Tupperware site, along with several localized versions, were compromised by digital credit card skimmer disguised inside an image file.
Researchers at Malwarebytes Labs discovered the malicious code when they noticed an anomaly in an iframe container. While the researchers say they don’t know what the infection vector was, the malicious campaign is ongoing and, at press time, still active.
The researchers note several details in the malicious code that indicate attackers less polished in their craft than other well-known criminal gangs are involved.
“This does indeed sound like the work of a new cybergang that has not scaled operations yet,” Mounir Hahad, head of Juniper Threat Labs at Juniper Networks, told Dark Reading. “The domain name they chose to register was not customized to blend into their target victim’s normal website operations, and based on DNS resolution telemetry, it does not seem to have reached any meaningful scale. Nonetheless, this may be the blueprint of future similar attacks on other websites.”
Read more here.
Dark Reading’s Quick Hits delivers a brief synopsis and summary of the significance of breaking news events. For more information from the original source of the news item, please follow the link provided in this article. View Full Bio