The notorious MageCart Gang once again made it to the news since attacking another e-commerce store. This time, it is a P&G e-store that suffered the MageCart attack. The ‘First Aid Beauty’ site infection remained unnoticed for several months.
P&G E-Store Under MageCart Attack
Reportedly, an online beauty store belonging to Procter And Gamble has recently suffered a malware attack. The P&G e-store faced the MageCart attack that kept the site infected since May 2019.
The researcher Willem de Groot first noticed this attack. He also explained that the attack, which continued since May 5, 2019, had a ‘fairly advanced’ operation. The malicious code on the website would remain dormant for visitors outside US. Also, it stayed inactive upon detecting Linux users. The latter feature seemed an attempt to evade detection since most security researchers use Linux.
De Groot shared the news in one of his tweets.
Hacked: @ProcterGamble’s https://t.co/qz62iHDazn has had a payment skimmer since May 5th. Fairly advanced: malware does not activate for non-US visitors, or if you run Linux (ie security researchers). pic.twitter.com/HAc7UunK5n
— Willem de Groot (@gwillem) October 25, 2019
Although, the skimmer code, in this case, looked heavily obfuscated. The researcher also shared a deobfuscated version that looks poised to steal from users.
P&G Investigating The Attack
Upon discovering the existence of the malicious code, the researcher reported it to Procter and Gamble. However, he didn’t hear anything back from the firm for over a week. Eventually, he disclosed the matter publicly in a tweet.
Finally, according to BleepingComputer, the affected website no longer contains malicious code. Also, the firm has released a statement regarding the matter.
Consumer trust is fundamental to us, and we take data privacy very seriously. As soon as we learned about the compromise of the First Aid Beauty site, we moved quickly to take the site down and minimize the impact to our consumers. We are currently investigating the source of the malware and working to identify and notify those consumers who might have been impacted to ensure we provide them the necessary support.
However, until the time of writing this article, the website displayed an ‘Error 503: Service Unavailable’ note.
First Aid Beauty is an online beauty store originally established in 2009. Last year, P&G acquired it for $250 million. However, the company did not integrate the website to P&G, and the brand continued to exist seemingly independently.