Application security, Threat Management, Data Security
More than 300 US restaurants impacted by Magecart campaigns
BleepingComputer reports that more than 300 restaurants across the U.S. had 50,000 payment cards stolen in two ongoing Magecart malware campaigns aimed at Harbortouch, MenuDrive, and InTouchPOS online ordering portals.
Eighty restaurants leveraging MenuDrive and 74 others using Harbortouch have been impacted by the first campaign that began in January, with the web skimmer found to be injected into the web pages of restaurants, according to a report from Recorded Future. Separate scripts for payment card data retrieval and cardholder name, email address, and phone number collection were used in the malware sent for MenuDrive systems, while only one script was used on Harbortouch.
Meanwhile, the Magecart campaign targeted at InTouchPOS began last November but most skimmer injections were discovered to have begun in January. Researchers noted that the InTouchPOS campaign involves an overlaid fake payment form instead of direct information theft from compromised sites.
Performing restaurant subdomain scanning is needed in removing skimmers in the MenuDrive and Harbortouch campaign but only a simple code comparison is required for the InTouchPOS infection, said Recorded Future.
An In-Depth Guide to Application Security
Get essential knowledge and practical strategies to fortify your applications.
Related Events
Get daily email updates
SC Media's daily must-read of the most current and pressing daily news
You can skip this ad in 5 seconds