- While MyPillow was hit with Magecart attacks in 2018, Amerisleep is said to be targeted as early as 2017.
- The pillow manufacturing company has reworked the site after the attack but Amerisleep is still to respond with a fix.
The Magecart group — known for its notorious credit card skimming attacks, makes headlines again. This time, it has found targeting websites of mattress companies MyPillow & Amerisleep. The security incident was uncovered and detailed by Yonathan Klijnsma of RiskIQ. With its continuously evolving tactics, the group has slowly been rising to dominate the cyberspace in 2019.
- In October 2018, Magecart registered a false typo-squat site of MyPillow revealing the possibility of an attack infrastructure.
- The group then injected a script into the company’s web store which was hosted on the false site.
- They registered another new domain to insert a script as well as a skimmer into the LiveChat service of MyPillow.
- Altogether, these two skimmers were detected by Klijnsma and were active till November 2018.
- In April 2017, Magecart began its credit card-skimming operation on Amerisleep. Just like the MyPillow case, an obfuscated skimmer was used.
- The group also deployed multiple scripts during their attack on the mattress company.
- The site had skimmers active from April to October 2017. However, after a year, Magecart started deploying skimmers again.
- In fact, Magecart created a GitHub account in the name of Amerisleep to store their skimmer tools. This was taken down shortly.
Why it matters – While the threat group earlier targeted large firms such as British Airways, Newegg, and others, it has now eyed smaller companies.