Sites belonging to a reseller of tickets for Euro Cup and the Tokyo Summer Olympics, two major sports events happening later this year, have been infected with JavaScript that steals payment card details.
According to a BleepingComputer.com report, on one of the websites, the malicious code survived for at least 50 days, while on the other it lasted for two weeks. If not for the intervention of two security specialists, MageCart, the malware, would have continued to skim credit card information, adds BleepingComputer.
MageCart is a code that steals card data from online stores at checkout, says the report. It initially targeted sites that were running the Magento e-commerce platform. The report notes that MageCart attackers try to maximize their profits in any way possible and do not typically attack single sites: "Their targets must have something in common that allows them to reach a larger number of victims."
The malware was initially discovered by Jacob Pimental on the secondary ticket market OlympicTickets2020.com. Security researcher Max Kersten also joined Pimental in the discovery of the malware.
Kersten and Pimental contacted the two sites various times. Kersten notes that their tickets were closed twice, after the site's security team cold not find the malware, despite their instructions. However, Kersten says that the script was finally removed from the site.
Pimental says, "If you have purchased tickets from olympictickets2020.com or eurotickets2020.com in the last 50 days I would suggest you contact your bank as your credit card information may be compromised."