Magecart Hits Popular Customer Review Plugin

Magecart Hits Popular Customer Review Plugin

The infamous Magecart digital skimming code has been found again, this time inserted into a customer rating plugin used on thousands of e-commerce sites.

RiskIQ, which has been tracking the groups behind Magecart for a couple of years, was alerted to the latest discovery on September 15.

This time, the malicious JavaScript was inserted into the code of Shopper Approved, a popular plugin that lets customers leave reviews with online retailers and the like.

In that respect, it’s a supply chain attack of the sort seen with Ticketmaster partner and Inbenta Technologies rather than a direct web compromised as per British Airways.

By Phil Muncaster

To read the full article click here.