English 
Русский 
简体中文 
Português do Brasil 
Français 
Español 
Türkçe 
Polski 
Tiếng Việt 
한국어 
Nederlands 
Italiano 
日本語 
Eesti 
Čeština 
മലയാളം 
Bahasa Melayu 
हिन्दी 
اردو 
Bahasa Indonesia 
Safe WebMagecart is a term used by computer security experts to refer to a type of cyber attack that involves the theft of payment card data from e-commerce websites. It is the collective name for the many different methods used to achieve this goal.
The term was coined after a particularly large data breach of British retail giant Marks & Spencer in 2015. In this case, attackers had inserted malicious code into the retailer’s website, allowing them to collect customers’ credit card information without their knowledge or consent. This type of code injection is now known as a Magecart attack.
Magecart attacks are typically carried out by exploiting vulnerabilities in the web application code of an e-commerce site. The attackers inject malicious JavaScript code into the victim’s site, allowing them to steal credit card numbers, passwords, and other sensitive data. The JavaScript can be designed to execute only when a targeted payment page is accessed, making it difficult to detect and remove without specialized expertise.
The attackers then exfiltrate the stolen data by establishing a connection to a remote server, commonly referred to as a “dropzone.” This data can then be used for various nefarious purposes, such as credit card fraud or identity theft.
The Magecart threat has been on the rise since 2015, with cybercriminals becoming increasingly sophisticated with their malicious attacks. According to IBM, at least 70,000 e-commerce websites have been exposed to Magecart attacks since 2019, with victims ranging from major Fortune 500 companies to small- and medium-sized businesses. In June 2020, British Airways suffered a Magecart attack that exposed 269,000 customer credit cards.
Magecart attacks remain a major threat to the security of online retailers and other organizations with payment processing capabilities. To prevent these attacks from succeeding, website owners must ensure they regularly patch and update their web applications with security fixes, and use secure software development practices. Additionally, websites should use specialized tools and services to monitor their network for malicious activity related to Magecart and take appropriate measures to protect customer data if such activity is detected.
