Get started in 5 minutes!

American Cancer Society hit by payment skimmer

American Cancer Society hit by payment skimmer

Digital skimming groups (aka Magecart) hit another low, as they successfully targeted the American Cancer Society last night. Our skimmer detectors found a piece of malicious code embedded on the shop, which intercepts payments from unsuspecting visitors.

Sansec has contacted via their fraud hotline but haven’t received confirmation of a fix yet, and as of writing, the skimmer is still in place (copy here). Update 25th Oct: the skimmer has been removed, the site is all clean.

The multi-billion charity is the next in a series of high profile skimming victims over the past few years, including British Airways, Ticketmaster, LA Times, ESET, the Red Cross and Infowars. But those are only the tip of the iceberg. Our systems have identified 30 to 200 new cases per day since 2015.

Technical analysis

The skimmer loader hides itself by hiding behind the (legitimate) GoogleTagManager code:

It searches for “checkout” (Y2hlY2tvdXQ=) and will then load the actual skimming code from (copy). This server is hosted in Irkutsk, a Russian network that is popular among skimming groups.

As you can see, the attacker made a glitch. The loader is included twice here, presumably because the first one does not function.

Are you a merchant?

Are you dealing with a similar incident right now? Get in touch, we are ready to help you resolve this quickly. Since 2015, we have cleaned and hardened hundreds of stores and provide warranty against re-infection. Our goal is to help you prevent incidents instead of having to deal with them!

Prevent Magecart attacks,
protect your web store
with Sansec's eComscan

Since our discovery of MageCart attacks in 2015, we've investigated thousands of hacked Magento web stores. All our research findings are added to our automated malware and vulnerability scanner for Magento and Adobe Commerce.
Merchants using eComscan are protected against the latest malware attacks and all known backdoors. eComscan provides an hourly vulnerability audit on all Magento versions, configurations, and extensions.

Try our malware scanner