Accessories Giant Claire’s Hacked To Steal Credit Card
US-based jewelry and accessory giant Claire’s and its subsidiary Icing were compromised in April, allowing hackers to gain access to customers’ credit cards, Sansec reports.
According to a new report by cybersecurity firm Sansec, Claire’s website was compromised by attackers who attempted to steal customers’ payment information as they made purchases on the site.
The malware was added to the (otherwise legitimate) app.min.js file. This file is hosted on the store servers, so there is no “Supply Chain Attack” involved, and attackers have actually gained write access to the store code. Here is the heavily obfuscated copy:
Decoding this reveals the following malware:
The skimmer attaches to the submit button of the checkout form. Upon clicking, the full “Demandware Checkout Form” is grabbed, serialized and base64 encoded. A temporary image is added to the DOM with the
The image is located on a server controlled by the attacker. Because all of the customer-submitted data is appended to the image address, the attacker has now received the full payload. Immediately afterwards, the image element is removed.
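Because the stolen data travels inside an image URL, it is visible in proxy logs and CSP reports. The following is an added example, not code from Sansec's report: it flags image requests to unexpected hosts whose URL carries base64 that decodes to a serialized form. All hostnames, field names and function names are constructed assumptions.

```javascript
// Return decoded text if s is well-formed base64 (standard or URL-safe), else null.
// Node decodes leniently, so an exact round trip is required.
function tryBase64(s) {
  const norm = s.replace(/-/g, '+').replace(/_/g, '/').replace(/=+$/, '');
  if (norm.length < 24 || !/^[A-Za-z0-9+/]+$/.test(norm)) return null;
  const buf = Buffer.from(norm, 'base64');
  if (buf.toString('base64').replace(/=+$/, '') !== norm) return null;
  return buf.toString('utf8');
}

// A serialized form is a run of key=value pairs joined by '&'.
function looksLikeSerializedForm(text) {
  const pairs = text.split('&');
  return pairs.length >= 3 && pairs.every(p => /^[\w.\-\[\]%]+=[^&]*$/.test(p));
}

// Every place a payload could ride in the URL: query values, bare query, last path segment.
function candidates(u) {
  const q = u.search.slice(1);
  const parts = q.split('&').map(p => p.slice(p.indexOf('=') + 1));
  parts.push(q, u.pathname.split('/').pop());
  return parts.map(p => { try { return decodeURIComponent(p); } catch { return p; } });
}

// urls: image request URLs from proxy logs or CSP reports; allowedHosts: hosts the store expects.
function findFormExfilImages(urls, allowedHosts) {
  const hits = [];
  for (const raw of urls) {
    let u;
    try { u = new URL(raw); } catch { continue; }
    if (allowedHosts.includes(u.hostname)) continue;
    for (const c of candidates(u)) {
      const decoded = tryBase64(c);
      if (decoded && looksLikeSerializedForm(decoded)) {
        hits.push({ host: u.hostname, fields: decoded.split('&').map(p => p.split('=')[0]) });
        break;
      }
    }
  }
  return hits;
}

// Constructed sample data: a serialized, base64-encoded form in an image URL, plus two benign requests.
const sampleForm = 'card_number=4111111111111111&card_cvv=123&card_owner=Test+User';
const sampleUrls = [
  'https://collector.example/p.gif?d=' + encodeURIComponent(Buffer.from(sampleForm).toString('base64')),
  'https://cdn.example.net/pixel.gif?id=QUJDREVGR0hJSktMTU5PUFFSU1RVVldYWVo=',
  'https://shop.example/img/logo.png',
];
console.log(findFormExfilImages(sampleUrls, ['shop.example']));
```

Only the field names are reported, not the values, so the hunt output does not itself become a store of card data.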