
Puma Australia shoppers hit with credit card hack, researcher says

Thieves were stealing sensitive data from the website, including names, addresses and credit card numbers.


Hackers hid a sophisticated skimmer on Puma Australia's website, a security researcher finds.


Hackers hid sophisticated malware on Puma Australia's website that could steal your credit card information at checkout, a security researcher found.

Sanguine Security forensic analyst Willem de Groot said he found suspicious code tucked away on Puma Australia's page containing a script that logged people's credit card numbers, names and addresses when they typed them in on the website. The code sent victims' data over to a server registered in Ukraine, de Groot said.

The security researcher said he notified Puma last Friday and didn't hear back from the company. Puma didn't immediately respond to a request for comment.

Puma is the latest in a long line of businesses hit with credit card skimming malware connected to Magecart, a massive hacking operation targeting online shops. The skimming campaign is made up of multiple hacking groups that use the same malware and techniques, and goes after popular websites with vulnerabilities.

Those victims include the Atlanta Hawks, British Airways and Newegg, among many other businesses targeted by Magecart over the past few years.

"The single largest problem with Magecart is that consumers have absolutely no way to know that they got skimmed until it's too late, and that merchants lack the tools to properly deal with this," de Groot said.

Puma is one of the top sportswear brands in the world, with sales reaching $4 billion in 2018, according to financial reports. In the last year, Puma saw major growth in the Asia/Pacific region, where its Australian team operates.

Puma's popularity as a worldwide brand makes it a prime target for Magecart attackers. De Groot said he found the malware through a detection tool he developed, which finds Magecart code embedded on hundreds of stores a day.

The skimmer de Groot found on Puma Australia's website was one of the most sophisticated ones he had seen yet, the security researcher said.

This skimmer was able to camouflage itself by using typical code like "optEmbed" and "selectDuration." Typically, a skimmer has to be specifically tailored for the payment system it's targeting, but de Groot found that this skimmer on Puma Australia's website was a jack of all trades.

He said he's found 77 other stores online with this new kind of skimmer from Magecart. It supports payment systems across the world, indicating a collaborative effort between hackers internationally.

"It has adapters for over 50 payment gateways, which means that the owner can deploy it quickly to newly hacked stores," de Groot said in a message. "It clearly took a massive effort to build support for all these payment systems." 
