
Feedify is compromised with code mirroring Magecart

 5 years ago
source link: https://www.tuicool.com/articles/hit/neM7Nra

Well crap. It looks like JavaScript library Feedify got owned and were serving Magecart :grimacing: any comment @_Feedify?

Check out the regex, looking for generic checkout processes :grimacing:


The Feedify thing is real, I've put in some YARA rules on web browsing threat intel feeds and it doesn't look like this is an isolated library either. Fun. Now I'm off to play Call of Duty and drink beer while I realise breaches are coming.


For anybody who missed it, the Feedify JavaScript library was compromised with code mirroring Magecart, which steals credit cards. @_Feedify quietly fixed it, haven't notified anybody and aren't responding to press. Feedify are embedded in thousands of ecommerce websites.

The Magecart code is back in @_Feedify's shared JavaScript library again. All vendors (e-commerce, hotels etc) need to remove this JavaScript link ASAP from their stores as Feedify are clearly compromised.

You can follow Kevin Beaumont.
