Cyber Attacks

Australia Bushfire Donors Affected by Credit Card Skimming Attack


A website collecting donations for the victims of the Australia bushfires were compromised by attackers by injecting a malicious script that steals the payment information of the donors.

This type of attack popularly called Magecart involves hackers compromising a web site and injecting malicious JavaScript into eCommerce or checkout pages. These scripts will then steal any credit cards or payment information which is entered by the user and send it off to a remote site under the attacker’s control.

The Malwarebytes Threat Intelligence Team has discovered a legitimate web site collecting donations for the tragic bushfires in Australia which was compromised by a Magecart script.

The donors were not targeted by this attack, but they were unfortunately caught in the cross fire.

When a visitor of the site adds an item to their cart, like a donation, a malicious credit-card skimmer script named ATMZOW will be loaded into the checkout pages.

During the checkout process if the user submits their payment information, the malicious script will steal the submitted information and send it to the vamberlo[.]com domain.

Jerome Segura of Malwarebyte stated that once they became aware of the compromised site, they had shut down vamberlo[.]com.

So, then any visitors to the site will no longer have their payment information stolen.

Since the code is still active on the site, it could be modified by the hackers to utilize a new domain that will enable the skimming script again.

The ecommerce store had been contacted by Malwarebytes regarding the malicious script injected into their site.

Priyanka R
Cyber Security Enthusiast, Security Blogger, Technical Editor, Author at Cyber Safe News

    New Iranian data wiper malware hits Bahrain’s national oil company

    Previous article

    Cable modems vulnerable to new Cable Haunt vulnerability

    Next article

    You may also like


    Leave a reply

    Your email address will not be published. Required fields are marked *