Global Magecart Campaign Targets Six Card Networks

https://www.infosecurity-magazine.com/news/global-magecart-campaign-six-card/

Publish Date: 2026-03-18 04:59:33

Source Domain: www.infosecurity-magazine.com

Summary:

Security researchers from Silent Push have uncovered an extensive Magecart skimming campaign that has been silently compromising payment portals since 2022. The campaign targets major payment networks (American Express, Diners Club, Discover, JCB, Mastercard, and UnionPay) and poses a significant risk to consumers who hold these cards. It relies on malicious JavaScript that is covertly injected into e-commerce websites and captures customers' payment and personal details. These details can either be used directly for fraudulent activities or sold on the dark web. Because these web-skimming attacks run client-side within the victims’ browsers, they remain invisible to both the site owner and the victim until errors occur during the payment process. Silent Push advises e-commerce vendors to implement robust content security policies, adhere to PCI DSS requirements, keep their systems updated, enforce strong access controls, and test their websites in incognito mode to mitigate such threats. End users are advised to shop via trustworthy platforms, use security solutions that block malicious scripts, and vigilantly monitor their bank statements for anomalies.

Key Points:

  • Silent Push identified a long-term Magecart skimming campaign targeting major payment networks worldwide.
  • The attack injects malicious JavaScript into e-commerce websites to capture payment and personal details during checkout.
  • These attacks operate client-side in the victim’s browser, remaining hidden from site owners and users, unless payment errors occur.
  • Silent Push recommends that e-commerce vendors implement stronger security measures and advises users to choose trusted platforms and monitor bank statements for fraudulent activity.
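
To make the content security policy recommendation concrete, the following added example (not from the article or from Silent Push) audits a `Content-Security-Policy` header value for gaps that would let an injected script run on a checkout page or send captured form data to another origin. Both sample policies and the `payments.example` hostnames are constructed placeholders.

```javascript
// Constructed sample policies (not taken from any real site).
const WEAK = "default-src 'self'; script-src 'self' 'unsafe-inline' https:; connect-src *";
const STRICT = "default-src 'none'; script-src 'self' 'nonce-r4nd0m' https://js.payments.example; " +
  "connect-src 'self' https://api.payments.example; form-action 'self'";

// Parse a CSP header value into a Map of directive name -> source list.
function parseCsp(header) {
  const directives = new Map();
  for (const part of header.split(';')) {
    const tokens = part.trim().split(/\s+/).filter(Boolean);
    if (tokens.length === 0) continue;
    const name = tokens[0].toLowerCase();
    // Browsers ignore a repeated directive, so the first occurrence wins.
    if (!directives.has(name)) directives.set(name, tokens.slice(1));
  }
  return directives;
}

// Return findings for gaps that let an injected script load or send data out.
function auditCsp(header) {
  const d = parseCsp(header);
  const findings = [];
  // script-src and connect-src fall back to default-src; form-action does not.
  const script = d.get('script-src') || d.get('default-src');
  const connect = d.get('connect-src') || d.get('default-src');
  const broad = (s) => ['*', 'https:', 'http:', 'data:'].includes(s.toLowerCase());

  if (!script) {
    findings.push('script-src: unrestricted, any injected script can run');
  } else {
    const pinned = script.some((s) => /^'(nonce-|sha(256|384|512)-)/i.test(s));
    // 'unsafe-inline' is ignored by browsers once a nonce or hash is present.
    if (!pinned && script.some((s) => s.toLowerCase() === "'unsafe-inline'")) {
      findings.push("script-src: 'unsafe-inline' permits injected inline code");
    }
    if (script.some(broad)) findings.push('script-src: wildcard or scheme-wide source');
  }
  if (!connect) findings.push('connect-src: unrestricted, fetch/XHR can post anywhere');
  else if (connect.some(broad)) findings.push('connect-src: wildcard or scheme-wide source');
  if (!d.has('form-action')) findings.push('form-action: unset, forms can submit to any origin');
  return findings;
}

console.log(auditCsp(WEAK));   // four findings
console.log(auditCsp(STRICT)); // no findings
```

A clean result here does not cover a skimmer served from an origin the policy already allows, which is why `connect-src` and `form-action` are checked alongside `script-src`.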