Hackers hid sophisticated malware on Puma Australia's website that could steal your credit card information at checkout, a security researcher found.
Sanguine Security forensic analyst Willem de Groot said he found suspicious code tucked away on Puma Australia's page containing a script that logged people's credit card numbers, names and addresses when they typed them in on the website. The code sent victims' data over to a server registered in Ukraine, de Groot said.
The security researcher said he notified Puma last Friday and didn't hear back from the company. Puma didn't immediately respond to a request for comment.
Puma is the latest in a long line of businesses hit with credit card skimming malware, part of a massive hacking operation targeting online shops. The skimming campaign is made up of multiple hacking groups that use the same malware and techniques, and it goes after popular websites with vulnerabilities.
"The single largest problem with Magecart is that consumers have absolutely no way to know that they got skimmed until it's too late, and that merchants lack the tools to properly deal with this," de Groot said.
Puma is one of the top sportswear brands in the world, with sales reaching $4 billion in 2018, according to financial reports. In the last year, Puma saw major growth in the Asia/Pacific region, where its Australian team operates.
Puma's popularity as a worldwide brand makes it a prime target for Magecart attackers. De Groot said he found the malware through a detection tool he developed, which finds Magecart code embedded on hundreds of stores a day.
The skimmer de Groot found on Puma Australia's website was one of the most sophisticated ones he had seen yet, the security researcher said.
This skimmer was able to camouflage itself by using typical code like "optEmbed" and "selectDuration." Typically, a skimmer has to be specifically tailored for the payment system it's targeting, but de Groot found that this skimmer on Puma Australia's website was a jack of all trades.
He said he's found 77 other stores online with this new kind of skimmer from Magecart. It supports payment systems across the world, indicating a collaborative effort between hackers internationally.
"It has adapters for over 50 payment gateways, which means that the owner can deploy it quickly to newly hacked stores," de Groot said in a message. "It clearly took a massive effort to build support for all these payment systems."