Shopped recently in a small online store? Check this list to see if it was one of 570 websites infected with card-skimming Magecart

The payment-card-skimming Magecart malware has turned up on yet more websites, this time 570 spanning 55 countries, it emerged this week. The team at security biz Gemini Advisory said a long-running criminal gang dubbed Keeper compromised hundreds of online shopping sites over the past three years to install the software nasty …

  1. J. R. Hartley

    The title is no longer required.

    What a pisser. That thing about hiding it in the logos though, impressive.

    1. tcmonkey

      Re: The title is no longer required.

      Yeah, that was my reaction too. Very sneaky.

  2. harmjschoonhoven
    WTF?

    40000

    is the number of webshops in the Netherlands. According to the list by Gemini Advisory, 28 were compromised. None of them are well known and most have names that will not inspire potential clients.

    1. diodesign (Written by Reg staff) Silver badge

      May the odds forever be in your favor.

      C.

    2. DavCrav Silver badge

      Re: 40000

      "None of them are well known and most have names that will not inspire potential clients."

      I noticed that umbro.com was on the list. I know that's not Dutch, but that's a global brand.

      1. heyrick Silver badge

        Re: 40000

        orange.com, FFS!

    3. mistersaxon

      Re: 40000

      Agnes B, The Body Shop, and plenty of others are not small shops...

      1. First Light Bronze badge

        Re: 40000

        And in India, biotique is a national brand of body care products.

    4. macjules Silver badge

      Re: 40000

      Poor Leicester City (lcfc.com). Not much luck coming their way at the moment.

  3. RM Myers Silver badge
    Coat

    Upscalestripper was hacked!!

    How dare they! Is there no common decency left in the world? Websites selling crap tat, health care organizations, government services - I'm not saying it is okay to hack them, but the harm is obviously limited. But hacking Upscalestrippers - that is a step too far. We need to bring back hanging, drawing, and quartering forthwith!

    1. Jedit
      IT Angle

      Re: Upscalestripper was hacked!!

      For obvious reasons I haven't actually visited the site, but could it be selling high quality paint strippers?

      1. RM Myers Silver badge
        Happy

        Re: Upscalestripper was hacked!!

        Not unless it is body paint. At least that is what I, eh, heard from a friend.

        1. John Brown (no body) Silver badge

          Re: Upscalestripper was hacked!!

          I thought it was Upscales Trippers. Holidays or drugs, not sure which :-)

  4. DS999

    I won't shop at a small site

    Unless they take paypal. Had to get a new credit card number a couple of times when it became compromised from online shopping. While it didn't cost me anything, it is annoying, so going via paypal, which avoids these issues, seems a better choice.

    1. Gene Cash Silver badge

      Re: I won't shop at a small site

      I've had too many friends with funds either frozen for months or outright taken by Paypal to ever trust them.

      You're damned if you do, and damned if you don't.

      1. DS999

        Re: I won't shop at a small site

        Paypal can't take your funds if you use them ONLY to pay people - and give paypal a credit card number so you can do a chargeback if they screw you (though I've never had to do so).

        I would never in a million years trust paypal with access to my bank account (or a debit card, which is the same thing) because I remember hearing many stories like your friends' in the past.

      2. sitta_europea

        Re: I won't shop at a small site

        "I've had too many friends with funds either frozen for months or outright taken by Paypal to ever trust them."

        Yeah, me too. They just took my money and it wasn't enough to make it worth the hassle of getting it back.

        Fucking thieves.

    2. katrinab Silver badge

      Re: I won't shop at a small site

      The Body Shop is on the list. With 3000 retail outlets in 65 countries around the world, it is definitely not a small shop.

      I don't trust Paypal. I look for sites that take Apple Pay.

      1. DS999

        Re: I won't shop at a small site

        I'd use Apple Pay if there was a way to use it from my (non-Apple) desktop where I do my shopping. Yes, I could go to my phone to complete a purchase when I've identified what I want, but that's too much hassle just to use a payment method I prefer.

        It would be cool if they set up something like having the site show a QR code you could show to your phone and it would do the authentication and send the OK that would be pushed to the website. But I guess Apple would prefer that I use a Mac running Safari to make my purchases instead :)

        1. Korev Silver badge

          Re: I won't shop at a small site

          "It would be cool if they set up something like having the site show a QR code you could show to your phone and it would do the authentication and send the OK that would be pushed to the website."

          This is how Twint works here in Switzerland. Twint for shop payments is a PITA (the crappy beacons never work), but it's OK for online.

      2. Anonymous Coward

        Re: I won't shop at a small site

        Orange.com I would have thought was a pretty big scalp as well.

        And the devs wonder why we have to audit any and all 3rd party sites used on the website regularly...

      3. Paul Herber Silver badge

        Re: I won't shop at a small site

        But is that really the body shop's website or a version with, say, one or more of the 'o' characters replaced with a non-standard look-alike? bоdyshоp.com for example.

        1. Hubert Cumberdale Silver badge

          Re: I won't shop at a small site

          I had to look at the html to see exactly what you did there. Good show. Scary stuff.
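Paul Herber's point above about look-alike characters can be checked mechanically. The following is an added example, not code from the thread or from any of the vendors named in the article: it takes a domain as displayed, reports the scripts used in each label, folds a small constructed table of Cyrillic look-alikes to their ASCII twins to see whether the name is visually identical to an ASCII domain, and shows the IDNA (punycode) form that actually goes on the wire. The look-alike table is deliberately partial; the full Unicode confusables data is much larger.

```python
import unicodedata

# Constructed, partial map of Cyrillic letters that render like ASCII letters.
# Assumption: this is an illustrative subset, not the full Unicode confusables list.
LOOKALIKES = {
    "\u0430": "a", "\u0435": "e", "\u043e": "o", "\u0440": "p", "\u0441": "c",
    "\u0445": "x", "\u0443": "y", "\u0456": "i", "\u0458": "j", "\u04bb": "h",
    "\u0455": "s",
}


def script_of(ch):
    """Crude script guess: the first word of the Unicode character name (LATIN, CYRILLIC, ...)."""
    if ch.isascii():
        return "LATIN" if ch.isalpha() else "COMMON"
    name = unicodedata.name(ch, "")
    return name.split(" ", 1)[0] if name else "UNKNOWN"


def skeleton(domain):
    """Fold the known look-alike letters to their ASCII twins."""
    return "".join(LOOKALIKES.get(c, c) for c in domain)


def analyse_domain(domain):
    """Describe a displayed domain: per-label scripts, mixed-script flag, ASCII twin, wire form."""
    domain = domain.strip().lower().rstrip(".")
    per_label = []
    mixed = False
    for label in domain.split("."):
        scripts = sorted({script_of(c) for c in label if c.isalpha()})
        if len(scripts) > 1:           # e.g. Latin letters with a Cyrillic 'o' dropped in
            mixed = True
        per_label.append({"label": label, "scripts": scripts})
    folded = skeleton(domain)
    # Whole-script spoofs (every letter Cyrillic) are not mixed-script, so also
    # check whether the folded form is a plain ASCII name that differs from the input.
    homograph = folded != domain and folded.isascii()
    try:
        wire = domain.encode("idna").decode("ascii")   # what the resolver sees
    except UnicodeError:
        wire = None
    non_ascii = [(c, f"U+{ord(c):04X}", unicodedata.name(c, "?"))
                 for c in domain if not c.isascii()]
    return {
        "display": domain,
        "wire": wire,
        "labels": per_label,
        "mixed_script": mixed,
        "looks_like": folded if homograph else None,
        "non_ascii": non_ascii,
        "suspicious": mixed or homograph,
    }


if __name__ == "__main__":
    # The thread's example with Cyrillic o (U+043E), plus the genuine ASCII name.
    for d in ("b\u043edysh\u043ep.com", "bodyshop.com", "\u0441\u043e\u0440.com"):
        r = analyse_domain(d)
        print(r["display"], "->", r["wire"], "| suspicious:", r["suspicious"],
              "| looks like:", r["looks_like"], "| non-ASCII:", r["non_ascii"])
```

The wire form is the useful tell in practice: a browser or mail client may render the Cyrillic letters, but the certificate, DNS query and HTTP Host header all carry the xn-- form, which is what to compare against the merchant's real domain.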

    3. Doctor Syntax Silver badge

      Re: I won't shop at a small site

      "Unless they take paypal."

      Or order by phone.

      1. katrinab Silver badge
        Unhappy

        Re: I won't shop at a small site

        It is very likely that the person on the other end of the phone will enter the details into their website.

  5. Slabfondler
    Joke

    Star Wars chronology reference?

    Umm...

    "having administrators’ credentials compromised through sequel injections"

    That's sort of like starting a movie series in the middle?

    1. Steve K Silver badge

      Re: Star Wars chronology reference?

      At least we know how this one ends!

  6. Anonymous Coward

    Well played El Reg.

    On the list are: Orange.com (Orange SFR), the Body Shop, among other large brands. Interesting to see some comments stating these websites are all small-scale local shops, as that is clearly not true!

    I hope you persist in asking Orange and the Body Shop for a response.

    Thanks.

    1. Anonymous Coward

      I'm never going to use guttering-expert.co.uk ever again!!!

      They left me hanging...

      1. macjules Silver badge
        Coat

        And gutted I presume?

        1. Ken Shabby
          Unhappy

          bikes.com took me for a ride!

  7. Dale 3

    List sorting

    The PDF list of sites linked in the article is all over the place in terms of sorting. If you're looking for specific sites, use the search facility rather than looking manually through the list or you may miss them. The list looks to be alphabetical at the beginning, but goes haywire in the second column.

    1. Sgt_Oddball Silver badge

      Re: List sorting

      It is in alphabetical order; it's just that it goes onto the next page's column directly below, not onto the secondary column on the same page.

  8. Anonymous Coward

    Oh jeeze...

    I really hope the Gemini Advisory team's statement was verbal... because it's "SQL" not "sequel", even though people keep pronouncing it that way.

  9. Fred Daggy

    Paypal isn't your friend. Don't use them.

    A lot of the Fintech companies have interesting products around single-use virtual credit cards. I use a Fintech that starts with 'R' and the account usually has enough money on it for a train ticket, a beer and a Mars bar. Load more only when required.

    Usual caveats apply. Caveat Emptor. Check for a banking license, insurance, WHERE it is licensed, etc.

    Best use: the GF occasionally buys stupid shite from late night TV. Her one non-fun vice. And forgets to pay the invoice. A single-use, virtual credit card means it's done and dusted when she makes the call.

    1. heyrick Silver badge

      "single use virtual credit cards"

      Doesn't your bank provide that? Mine does - link to info (in French). It's the only sensible way to pay for stuff online.

    2. Solviva
      Linux

      Single-use credit cards? Won't somebody think of the fish with all that plastic? Just saw on the Beeb today all those face masks ending up as fish fodder. I mean, people, why do you insist on travelling to your nearest ocean just to throw your mask in? Surely your rubbish bin is more convenient. If your rubbish bin then ends up in the ocean, then that's hardly your problem.

      Oddly, I had a Faceache ad today proclaiming an eID you can use at the local gambling outlet to save you needing a plastic card that lasts 5 or 10 years. Yeah, I can see all that plastic wasted on ID cards is a really big problem! This is Sweden, where the Green (4%) party have convinced the rest of the government that renewable energy is sufficient for the country. Which is why in the middle of the summer they needed to fire up an oil-powered power station to meet demand... Meanwhile they're shutting down the last nuke reactors because they're less green than oil, hmm.

      1. Fred Daggy

        "Virtual Credit Cards". Regenerated from within the app. I don't think I want to wait for a piece of plastic to be delivered when I make an impulse buy.

  10. Anonymous Coward

    Sounds like a phishing scam

    "Your information may have been hacked!

    For more information download this PDF from a website you've never heard of before!"

    Has anyone transcribed the list into a medium that is a little less hazardous? Like carved into sticks of dynamite?

    1. stiine Silver badge

      Re: Sounds like a phishing scam

      it opens as text with JS disabled. caveat empty...

  11. sitta_europea

    Glad I've been dropping every packet from AS16276 all these years...

    /sbin/iptables -A immediate_tarpit -s 5.135.0.0/16 -m comment --comment "OVH" -j DROP

  12. eswan

    fertilizeronline.com hit

    Oh crap!

  13. stiine Silver badge
    Facepalm

    really had to reply so I could use that --->

  14. Nifty Bronze badge

    Would it be beyond the wit of the big email providers to offer a service to search your past emails for these domains to check if you've shopped with them? Due to lockdown shopping, the variety of sites we buy from has multiplied by 10.
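Nifty's wish above does not need the email provider: an mbox export of your own mailbox and the domain list are enough. The script below is an added example, not code from the thread, from The Register or from Gemini Advisory. It walks an mbox, pulls the domain of the From, Reply-To and Return-Path addresses and of any http(s) URL in the plain-text body, and reports messages whose domains are on, or are subdomains of, entries in the list. The domain list and the three messages are constructed for the example; substitute the domains from the published PDF and the path to your own export.

```python
import email
import re
from email import policy
from email.utils import parseaddr

# Constructed stand-in for the published list (assumption: fake .test names, not the real PDF).
COMPROMISED_DOMAINS = {"example-boutique.test", "gutter-shop.test"}

# Constructed mbox export with three messages; not real mail.
SAMPLE_MBOX = """\
From alice@example.org Mon Jul  6 10:00:00 2020
From: "Example Boutique" <orders@shop.example-boutique.test>
To: me@example.org
Subject: Order 1234 confirmed
Date: Mon, 06 Jul 2020 10:00:00 +0000

Thanks for your order. Track it at https://www.example-boutique.test/orders/1234

From bob@example.org Tue Jul  7 11:00:00 2020
From: Bob <bob@example.org>
To: me@example.org
Subject: lunch?
Date: Tue, 07 Jul 2020 11:00:00 +0000

Pub at one?

From noreply@mail.test Wed Jul  8 12:00:00 2020
From: Newsletter <noreply@mail.test>
To: me@example.org
Subject: Weekly deals
Date: Wed, 08 Jul 2020 12:00:00 +0000

Deals this week: http://gutter-shop.test/sale and https://other-shop.test/
"""

SEPARATOR = re.compile(r"^From .*$\n", re.M)        # mbox envelope lines ("From " + space)
URL_HOST = re.compile(r"https?://([A-Za-z0-9.-]+)", re.I)


def addr_domain(header_value):
    """Domain of the first address in a header, lower-cased ('' when there is none)."""
    _, addr = parseaddr(str(header_value))
    return addr.rpartition("@")[2].lower()


def is_on_list(host, listed):
    """True when host is the listed domain itself or any subdomain of it."""
    return host == listed or host.endswith("." + listed)


def scan_mbox(text, compromised):
    """Return one record per message that references a listed domain."""
    hits = []
    for raw in SEPARATOR.split(text):
        if not raw.strip():
            continue
        msg = email.message_from_string(raw, policy=policy.default)
        hosts = set()
        for hdr in ("From", "Reply-To", "Return-Path"):
            if msg.get(hdr):
                hosts.add(addr_domain(msg[hdr]))
        body = msg.get_body(preferencelist=("plain",))
        if body is not None:
            hosts.update(h.lower() for h in URL_HOST.findall(body.get_content()))
        matched = sorted({(h, d) for h in hosts for d in compromised if is_on_list(h, d)})
        if matched:
            hits.append({"date": str(msg["Date"]), "subject": str(msg["Subject"]),
                         "matched": matched})
    return hits


if __name__ == "__main__":
    # To run against a real export: scan_mbox(open("mail.mbox").read(), set_of_domains)
    for hit in scan_mbox(SAMPLE_MBOX, COMPROMISED_DOMAINS):
        print(hit["date"], "|", hit["subject"], "|",
              ", ".join(host for host, _ in hit["matched"]))
```

A hit only tells you that you corresponded with the shop, not when its checkout was skimmed; the date of the order is what to take to the card issuer.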
