Cyberattack hits donors for Australia bush fire charities

Even charities aren’t exempt from cybercriminals' schemes

When you purchase through links on our site, we may earn an affiliate commission.Here’s how it works.

Criminals have hijacked websites looking to raise money for the victims of the devastating Australia fires.

According to theMalwarebytes Threat Intelligence Team, cybercriminals have injectedmalicious scriptinto donation sites to steal the payment information of donors.

This kind of attack is known asMagecartand it involves hackers compromising a website to inject malicious JavaScript code into a site’s ecommerce or checkout pages. These scripts are used to steal credit card or payment information which is then sent to a remote site controlled by the attackers.

While the attackers' intention was to target the site itself, unfortunately the donors as well as the victims of Australia’s bushfires will end up paying the price.

Magecart attack

Magecart attack

The Magecart attack targeting the donation website works by adding a malicious credit card skimmer script called ATMZOW into a user’s cart at the site’s checkout page. When they submit their payment information as part of the checkout process, the malicious script steals the submitted information and sends it to a domain controlled by the attackers.

According to MalwarebytesJérôme Segura, the compromised site has now been shut down which means that donors will no longer have their payment information stolen. However, as the code is still active on the site, the attackers could modify it to use a new domain and begin collecting user’s payment information once again.

Bad Packets Report’s Troy Mursch used the PublicWWW tool to discover that the same script used by the attackers is currently active on 39 other websites.

Are you a pro? Subscribe to our newsletter

Are you a pro? Subscribe to our newsletter

Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!

Cybercriminals are constantly looking for new sites to target and unfortunately the donors trying to help victims of the Australian bushfires were caught in the crossfire.

ViaBleepingComputer

After working with the TechRadar Pro team for the last several years, Anthony is now the security and networking editor at Tom’s Guide where he covers everything from data breaches and ransomware gangs to the best way to cover your whole home or business with Wi-Fi. When not writing, you can find him tinkering with PCs and game consoles, managing cables and upgrading his smart home.

This new phishing strategy utilizes GitHub comments to distribute malware

Should your VPN always be on?

Huge Black Friday Samsung sale: save up to $1,900 on QLED, OLED TVs, and more