Get started in 5 minutes!

American Cancer Society hit by payment skimmer

American Cancer Society hit by payment skimmer

Digital skimming groups (aka Magecart) hit another low, as they successfully targeted the American Cancer Society last night. Our skimmer detectors found a piece of malicious code embedded on the shop, which intercepts payments from unsuspecting visitors.

Sansec has contacted via their fraud hotline but haven’t received confirmation of a fix yet, and as of writing, the skimmer is still in place (copy here). Update 25th Oct: the skimmer has been removed, the site is all clean.

The multi-billion charity is the next in a series of high profile skimming victims over the past few years, including British Airways, Ticketmaster, LA Times, ESET, the Red Cross and Infowars. But those are only the tip of the iceberg. Our systems have identified 30 to 200 new cases per day since 2015.

Technical analysis

The skimmer loader hides itself by hiding behind the (legitimate) GoogleTagManager code:

It searches for “checkout” (Y2hlY2tvdXQ=) and will then load the actual skimming code from (copy). This server is hosted in Irkutsk, a Russian network that is popular among skimming groups.

As you can see, the attacker made a glitch. The loader is included twice here, presumably because the first one does not function.

Are you a merchant?

Are you dealing with a similar incident right now? Get in touch, we are ready to help you resolve this quickly. Since 2015, we have cleaned and hardened hundreds of stores and provide warranty against re-infection. Our goal is to help you prevent incidents instead of having to deal with them!

Stay ahead of eCommerce hacks,
protect your store today!

Sansec forensic experts were the first to document large scale digital skimming in 2015. Since then, we have investigated thousands of hacked stores. Our research of the latest attack vectors protects our customers around the world. Our anti-skimming technology and data are used by merchants, forensic investigators, financial anti-fraud teams and service providers

Try our malware scanner