NEW YORK - Eight U.S. cities recently had payment card data stolen via point-of-sale skimming malware on their Click2Gov online payment platforms, Trend Micro reported.
Five of those cities had already been victims of similar Magecart-style attacks in recent years, the company added in a new report.
Magecart refers to a style of attack that uses digital card skimming or scraping capabilities to steal card data from e-commerce platforms.
The latest series of attacks, which began in April, appears unrelated to the skimmer attacks against cities reported in September 2019 and 2018, Trend Micro Fraud Researcher Joseph Chen stated. Earlier Magecart attacks exploited a vulnerability in the Click2Gov software, whereas this time the attacks followed the traditional Magecart method of injecting skimming code into JavaScript libraries.
"Once embedded in the script, a skimming code is loaded. In this instance, they used a very simplified method to solely target the payment form and hooked the embedded script only submit button. Simple yet targeted," Trend Micro said.
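For operators of a payment page, the pattern described above (a JavaScript library that has changed, now hooks the form's submit action, and refers to a host the site does not normally use) can be checked for on the server side. The following Node.js sketch is an added example, not code from Trend Micro or Click2Gov; the function names, the allowlisted host, and the sample scripts are all constructed for illustration.

```javascript
// Added example: audit a served payment-page script against a known-good baseline.
const crypto = require("crypto");

const sha384 = (text) => crypto.createHash("sha384").update(text, "utf8").digest("base64");

// Patterns for code that attaches to a form's submit action (heuristic, not exhaustive).
const SUBMIT_HOOKS = [
  /addEventListener\(\s*['"]submit['"]/,
  /\.onsubmit\s*=/,
  /\.on\(\s*['"]submit['"]/,
  /\.submit\(\s*function/,
];

// Return hosts referenced by absolute URLs in the source that are not allowlisted.
function unexpectedHosts(source, allowedHosts) {
  const hosts = new Set();
  for (const m of source.matchAll(/https?:\/\/([a-z0-9.-]+)/gi)) {
    const host = m[1].toLowerCase();
    if (!allowedHosts.includes(host)) hosts.add(host);
  }
  return [...hosts].sort();
}

function auditScript(served, baselineHash, allowedHosts) {
  const modified = sha384(served) !== baselineHash;
  const hooksSubmit = SUBMIT_HOOKS.some((re) => re.test(served));
  const hosts = unexpectedHosts(served, allowedHosts);
  // Highest severity: file changed AND it hooks submit AND names an unknown host.
  let severity = "ok";
  if (modified) severity = hooksSubmit && hosts.length ? "critical" : "review";
  return { modified, hooksSubmit, hosts, severity };
}

// Constructed sample data (not from any real incident).
const BASELINE = "function formatDate(d){return d.toISOString().slice(0,10);}\n";
const TAMPERED = BASELINE +
  "document.forms[0].addEventListener('submit',function(){" +
  "/* constructed stand-in for injected code */" +
  "navigator.sendBeacon('https://collector.example/c');});\n";
const ALLOWED = ["pay.city.example"]; // hypothetical first-party host
const BASELINE_HASH = sha384(BASELINE);

console.log(auditScript(BASELINE, BASELINE_HASH, ALLOWED));
console.log(auditScript(TAMPERED, BASELINE_HASH, ALLOWED));
```

The same SHA-384 digest, prefixed with `sha384-`, can be placed in a script tag's `integrity` attribute so that browsers refuse to run a library that no longer matches the baseline.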
What Was Targeted
This new round of attacks targeted payment card information, including card number, expiration date and CVV, along with the card owner's name and address, according to Trend Micro, which did not name the cities that were targeted.
Click2Gov is a payment platform that municipalities use to collect payments for local services and taxes.
"Our analysis of both the skimmer and the infrastructure used could not find any connections between this breach and the incidents in 2018 and 2019," Chen says. "Nevertheless, five of the eight cities were also affected in the previous breaches. We believe that these [latest] attacks started on April 10 of this year and are still active."
