27. January 2022

This article has been indexed from CySecurity News – Latest Information Security and Hacking Incidents

Researchers discovered a web skimmer on Segway’s online store that allowed malicious actors to capture credit card details and personal information from customers during checkout.

Segway, whose store was compromised by a Magecart skimmer, is best known for Dean Kamen’s invention of the two-wheeled, self-balancing personal transporter; it also makes other human mobility technologies.

“While the company doesn’t know how Segway’s site was hacked, an attacker will normally target vulnerabilities in the CMS system or one of its plugins.” “The hostname at store.segway[.]com runs Magento, a major content management system (CMS) utilized by numerous eCommerce sites and a favorite of Magecart threat actors.”

The attack was traced to Magecart Group 12 by Malwarebytes researchers, who discovered a web skimmer on Segway’s online store (store.segway.com). The Segway store was connecting to a known skimmer website (booctstrap[.]com), which has been operational since November and has been linked to prior Magecart attacks.

The attackers breached the store through its Magento CMS, exploiting flaws in vulnerable versions of the CMS or one of its plugins. The firm also discovered a piece of JavaScript hidden in a file called “Copyright,” which is not harmful in and of itself but periodically loads the skimmer. Because of this method, anyone analyzing the HTML source code will not see the skimmer.
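
Because the skimmer is pulled in at runtime and never appears in the HTML source, a defender can compare the page source against what the browser actually loaded during checkout. The following is an added example, not code from the article or from Malwarebytes; the hosts, the allowlist and the HAR entries are constructed, and it assumes a HAR capture of the checkout page exported from browser developer tools.

```javascript
// Added example. Hosts, allowlist and HAR entries are constructed sample data.
const BASE_URL = "https://store.example/checkout";
const ALLOWED_HOSTS = new Set(["store.example", "cdn.store.example"]); // assumed allowlist

// Script URLs visible to someone reading the static HTML source.
function staticScriptUrls(html, baseUrl) {
  const urls = new Set();
  const re = /<script\b[^>]*\bsrc\s*=\s*["']([^"']+)["']/gi;
  for (const m of html.matchAll(re)) urls.add(new URL(m[1], baseUrl).href);
  return urls;
}

// Script requests the browser made (HAR); _resourceType is a Chrome DevTools field.
function runtimeScriptUrls(har) {
  return har.log.entries
    .filter((e) => e._resourceType === "script" ||
      /javascript/i.test(e.response?.content?.mimeType || ""))
    .map((e) => new URL(e.request.url).href);
}

// Runtime-loaded scripts absent from the page source, tagged by allowlist status.
function findRuntimeOnlyScripts(html, har, baseUrl) {
  const inSource = staticScriptUrls(html, baseUrl);
  return [...new Set(runtimeScriptUrls(har))]
    .filter((url) => !inSource.has(url))
    .map((url) => {
      const host = new URL(url).hostname;
      return { url, host, allowed: ALLOWED_HOSTS.has(host) };
    });
}

const SAMPLE_HTML = `<html><head>
<script src="/static/js/checkout.js"></script>
<script src="https://cdn.store.example/lib/vendor.js"></script>
</head><body><footer>Copyright</footer></body></html>`;

const entry = (url, mimeType, type) =>
  ({ _resourceType: type, request: { url }, response: { content: { mimeType } } });
const SAMPLE_HAR = { log: { entries: [
  entry("https://store.example/checkout", "text/html", "document"),
  entry("https://store.example/static/js/checkout.js", "application/javascript", "script"),
  entry("https://cdn.store.example/lib/vendor.js", "application/javascript", "script"),
  entry("https://cdn.store.example/lib/chunk-7.js", "application/javascript", "script"),
  entry("https://skimmer-host.example/js/lib.js", "text/javascript", undefined),
] } };

for (const s of findRuntimeOnlyScripts(SAMPLE_HTML, SAMPLE_HAR, BASE_URL)) {
  console.log(s.allowed ? "runtime-only (allowlisted):" : "REVIEW:", s.url);
}
```

Runtime-only scripts from allowlisted hosts are normal (lazy-loaded bundles); the ones worth reviewing are those whose host is neither in the source nor on the allowlist.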