(4).jpg)
A hacker group is believed to be behind a data breach that has impacted 201 online stores, which cater to 176 colleges and universities in both Canada and the US.
The hackers slipped in malicious JavaScript code on the checkout and payment pages of the affected online stores to record payment card data. The recorded data is then uploaded on the hackers’ servers, allowing them to resell the data on the underground market.
The tactic has been dubbed by cyber security researchers as a “Magecart” attack.
In a news release, Trend Micro reported that this particular Magecart attack was first detected on April 14. It impacted PrismRBS, the company behind the e-commerce platform PrismWeb, which was used by many of the affected campus stores.
Trend Micro explained that the attackers breached PrismRBS and modified the PrismWeb platform to include a malicious JavaScript file – dubbed “Mirrorthief” – which affected all digital storefronts running the system. The script was designed to look and run like a file part of the Google Analytics service and was active until April 26, when Trend Micro notified PrismRBS of the suspicious behaviour.
After being notified of the malicious script, PrismRBS immediately took action and removed the code.
Of the 176 colleges and universities potentially impacted by the attack, 21 are based in Canada, Trend Micro noted.
ZDNet reported that PrismRBS had formally acknowledged the hack and will notify impacted colleges. The developer also said that it has approached an external IT forensic firm to investigate the breach incident.
