Magecart and data skimming

Magecart and other online data skimming attacks are responsible for millions of dollars in damages to businesses each year from theft and fraud.

What is Magecart?

Magecart is an umbrella term that refers to at least seven cybercriminal groups that focus on placing data skimmers on websites in order to steal personal information like credit card credit card numbers, birth dates, social security numbers, and more.

Magecart attacks typically inject malicious JavaScript into a website, targeting vulnerabilities within the website code or by exploiting a third-party service provider.

Attack guide: How Magecart skimming attacks workRelated Solution briefMagecart: What it is, how it works, and how to prevent itRelated Webinar

How a Magecart attack works

  1. Attackers inject malicious JavaScript into your website by exploiting a vulnerability in your first-party code or a third-party JavaScript tag that is present on the website.
  2. Shared libraries injected with the malicious script are uploaded to your web app or website.
  3. Your customer accesses a compromised page on your web app and unwittingly loads a skimming script in their browser.
  4. When they enter sensitive data like credit cards, social security numbers, or passwords into a form, it is sent back to the attacker’s server.
  5. The hackers receive your customers’ personal data.
How a Magecart attack works

If you have an online presence — your business is a target

Cybersecurity issues are an unfortunate reality of today’s modern world, and most likely, you are facing the challenge of how to keep your organization and your customers safe. 

It’s estimated that Magecart has hit at least 17,000 domains in the last few months alone...and counting. 

Magecart attacks often take advantage of vulnerabilities within the code of third-party scripts or tags that are used to add chatbots, analytics tracking, or shopping cart payment processing services.

New wave of Magecart attacks targeting Amazon S3 bucketsRelated Blog

And you probably don't have the right protection

Research shows businesses are poorly prepared to deal with skimming attacks that inject malicious code into third-party JavaScript:


Why are Magecart attacks so successful? They are very hard to detect.

50 percent of content on the average website comes from a third party. Third-party JavaScript, in the form of tags or scripts, is an essential component of modern web applications and used to add advanced capabilities like:

  • Dynamic content for personalization
  • Live chat
  • Interactive inventory
  • Tracking analytics
  • Retargeting display ads 

But it all comes at a price.

Unfortunately, third-party scripts have the same access to data and resources as your own first-party code without having to pass through your internal infrastructure or the same security controls. This means breaches can go undetected for weeks.

British Airways under attack

A 2018 Magecart attack on British Airways went undetected for just 15 days, but hackers stole sensitive transaction details from 380,000 customers. They were slapped with a $240 million fine by the UK’s privacy authority for failing to protect its customers’ data.

If Magecart can breach British Airways, it can happen to you.


Web Skimming Protection

You can’t protect every line of code, but you can limit what attackers access

Magecart attacks steal data from within the browser, requiring a new type of security to prevent data exfiltration. Instart offers industry-leading protection against Magecart and other data skimming attacks. Instart uses its unique Nanovisor technology to provide control around what form fields on a website can be accessed by third-party JavaScript.

More about Web Skimming Protection

Learn about Web Skimming Protection

Read more

Why CSP and SRI alone won’t protect you against web skimming attacks like Magecart

Read more
Read more

Understanding the value of Instart security solutions

Read more