Puma Australia shoppers hit with credit card hack, researcher says

Thieves were stealing sensitive data from the website, including names, addresses and credit card numbers.

Alfred Ng Senior Reporter / CNET News
Alfred Ng was a senior reporter for CNET News. He was raised in Brooklyn and previously worked on the New York Daily News's social media and breaking news teams.

Hackers hid sophisticated malware on Puma Australia's website that could steal your credit card information at checkout, a security researcher found.

Sanguine Security forensic analyst Willem de Groot said he found suspicious code tucked away on Puma Australia's page containing a script that logged people's credit card numbers, names and addresses when they typed them in on the website. The code sent victims' data over to a server registered in Ukraine, de Groot said.

The security researcher said he notified Puma last Friday and didn't hear back from the company. Puma didn't immediately respond to a request for comment.

Puma is the latest in a long line of businesses hit with credit card skimming malware connected to Magecart, a massive hacking operation targeting online shops. The skimming campaign is made up of multiple hacking groups that use the same malware and techniques, and goes after popular websites with vulnerabilities.

Those victims include the Atlanta Hawks, British Airways, and Newegg, among many other businesses targeted by Magecart over the past few years.

"The single largest problem with Magecart is that consumers have absolutely no way to know that they got skimmed until it's too late, and that merchants lack the tools to properly deal with this," de Groot said.

Puma is one of the top sportswear brands in the world, with sales reaching $4 billion in 2018, according to financial reports. In the last year, Puma saw major growth in the Asia/Pacific region, where its Australian team operates.

Puma's popularity as a worldwide brand makes it a prime target for Magecart attackers. De Groot said he found the malware through a detection tool he developed, which finds Magecart code embedded on hundreds of stores a day.

The skimmer de Groot found on Puma Australia's website was one of the most sophisticated ones he had seen yet, the security researcher said.

This skimmer was able to camouflage itself by using typical code like "optEmbed" and "selectDuration." Typically, a skimmer has to be specifically tailored for the payment system it's targeting, but de Groot found that this skimmer on Puma Australia's website was a jack of all trades.

He said he's found 77 other stores online with this new kind of skimmer from Magecart. It supports payment systems across the world, indicating a collaborative effort between hackers internationally.

"It has adapters for over 50 payment gateways, which means that the owner can deploy it quickly to newly hacked stores," de Groot said in a message. "It clearly took a massive effort to build support for all these payment systems." 
