A website collecting donations for the victims of the Australia bushfires were compromised by attackers by injecting a malicious script that steals the payment information of the donors.
The Malwarebytes Threat Intelligence Team has discovered a legitimate web site collecting donations for the tragic bushfires in Australia which was compromised by a Magecart script.
The donors were not targeted by this attack, but they were unfortunately caught in the cross fire.
When a visitor of the site adds an item to their cart, like a donation, a malicious credit-card skimmer script named ATMZOW will be loaded into the checkout pages.
During the checkout process if the user submits their payment information, the malicious script will steal the submitted information and send it to the vamberlo[.]com domain.
Jerome Segura of Malwarebyte stated that once they became aware of the compromised site, they had shut down vamberlo[.]com.
So, then any visitors to the site will no longer have their payment information stolen.
Since the code is still active on the site, it could be modified by the hackers to utilize a new domain that will enable the skimming script again.
The ecommerce store had been contacted by Malwarebytes regarding the malicious script injected into their site.