Tupperware accused of ignoring warnings over ecommerce website compromised by web-skimming JavaScript
Tupperware finally gets round to cleaning its ecommerce site days after being told that it had been compromised by a credit-card-stealing Magecart group
The payments page of well-known plastic food container maker Tupperware has been compromised by a Magecart group, exposing payments made by customers for several weeks earlier this month. The malicious code on the company's check-out pages was only removed yesterday following public exposure by security firm Malwarebytes.
Researchers at the company say they discovered the compromise on 20th March and reported it to the company immediately. However, none of their emails or calls were answered by the company.
Every time a shopper initiated a payment, the code would create an iframe, floating over the legitimate page and display a fraudulent payment form imitating the company's official VISA CyberSource payment form
According to the researchers, the hackers carried out the cyber attack by placing a PNG image file with malicious JavaScript code onto the website.
So, every time a shopper initiated a payment, the code would create an iframe, floating over the legitimate page and display a fraudulent payment form imitating the company's official VISA CyberSource payment form.
Once a user had inserted their personal and payment details and hit the submit button, they would be shown a time-out error message. The page is loaded again, but this time displaying the legitimate web page to the user, enabling them to check out, allaying any suspicions they may have had about the process.
In light of the COVID-19 outbreak, the volume of people shopping online has dramatically increased
Malwarebytes said that the malicious Magecart script or web skimmer was also seen running on Tupperware's localised pages. The rogue payment page, which was displayed in English, was easy to spot, as Tupperware sites run in a local language.
Tupperware only finally removed the malicious PNG file and associated JavaScript code yesterday, after Malwarebytes had gone public with its findings.
The cyber security firm believes that targeted attacks against online shopping stores will rise over the coming days and weeks as hackers look to take advantage of the on-going coronavirus crisis that has forced companies to ask their employees to work from home until the situation improves.
"In light of the COVID-19 outbreak, the volume of people shopping online has dramatically increased," Malwarebytes said.
"There is little doubt that a larger number of transactions will be impacted by credit card skimmers moving forward."
Just last week, researchers from cyber security firm RiskIQ disclosed that in February Magecart Group 8 had compromised the website of NutriBullet, the fashionable maker of the eponymous blender, and inserted a JavaScript-based credit card skimmer on the site.
Hackers specifically targeted the checkout page of the website, where customers enter their payment card details.