Notification service Feedify became another victim of the MageCart grouping

One of the JavaScript files Feedify was infected with malicious code that steals data from payment cards.

The Feedify notification service has added to the list of victims of the malicious MageCart campaign, which included Ticketmaster Ticketmaster and British Airways.

According to a researcher known on the Web as Placebo, one of the files used by Feedify JavaScript (feedbackembad-min-1.0.js) was infected with malicious code that steals data of payment cards.

Feedify offers a PUSH notifications service for websites that they can use to inform users about various events, for example, about publishing new content, etc. To do this, customers need to embed the JavaScript Feeding library in their site. According to the company, its client base includes more than 4 thousand customers, however, according to the PublicWWW signature search service, the library is installed on a relatively small number of sites (250-300).

According to experts, the library was modified on August 17 this year, September 11 Placebo notified the company of its findings. On the same day, the malicious code was deleted, but after a day the file was again infected. The company removed the code again, but the MageCart members were persistent and added it a third time. At the time of writing, the file feedbackembad-min-1.0.j still contained the MageCart script.

Grouping MageCart is active since 2015. The first two years, attackers mostly attacked sites on the Magento platform, but later changed tactics and switched to larger services.

Leave a Reply