The infamous Magecart digital skimming code has been found again, this time inserted into a customer rating plugin used on thousands of e-commerce sites.
RiskIQ, which has been tracking the groups behind Magecart for a couple of years, was alerted to the latest discovery on September 15.
This time, the malicious JavaScript was inserted into the code of Shopper Approved, a popular plugin that lets customers leave reviews with online retailers and the like.
In that respect, it’s a supply chain attack of the sort seen with Ticketmaster partner and Inbenta Technologies rather than a direct web compromised as per British Airways.
By Phil Muncaster
To read the full article click here.