Magecart Strikes Again, and Kitronik Is Latest Victim

Written by

Magecart, the payment-card–skimming malware, has taken another victim, Kitronik, a leading supplier of electronic project kits in the UK. According to recent news from The Register, the company was the latest victim of Magecart’s global payment-card–skimming malware.

Kitronik suffered a data breach that may have exposed names, email addresses, card numbers, expiry dates, CVV security codes and postal addresses. The Register reported having seen an email written by Geoff Hampson, resident electronics expert for Kitronik, in which he told customers that the malware had been discovered.

"Anyone that has followed the news in recent months will be aware of the malicious software ‘Magecart’ that has been recording customer’s key presses on such high profile websites as British Airways and Ticketmaster. The malicious software records key presses at the checkout stage, to capture sensitive details. From some point early in August until mid-September the same malicious software has been present on the Kitronik website," Hampson wrote.

It is believed that the details were swiped at the checkout stage, and Hampson added that customer accounts established prior to August would not have been impacted, though he was not able to confirm how many customers might have been affected.  

“Payment-card–skimming malware continues to be a security challenge for retailers around the globe,” said Rich Campagna, CMO, Bitglass. “British Airways, Newegg, and now Kitronik have all been victims of Magecart’s malware, highlighting the need for security solutions which monitor for vulnerabilities and threats, across all devices and applications, in real time.

With these capabilities, retailers can be proactive in detecting and thwarting breaches before they happen, ensuring that their customers’ sensitive information is protected.”

Magecart is a known malware that has proven successful in attacking other major companies very recently, and Kitronik had protections in place to monitor fraud. In his email to customers, Hampson noted, “Although we have a mechanism in place to alert us if the code on the website changes, this attack was very sophisticated and bypassed that code by making changes to the website database.”

What’s hot on Infosecurity Magazine?