A security researcher has found malicious code in Cancer.org’s online store. The malicious code can possibly intercept payments from the users.
The malicious code has been placed to look like analytics code. The code could send collected credit card numbers to a third-party server. The code carried a glitch as the loader was included in the code twice. However, the code was decoded to reveal the web address of the hackers. It is believed that this particular server was hosted from Irkutsk, Russia which is often used by the infamous Magecart.
In a blog post, the cybersecurity company Sanguine Security condemned the act and held Magecart (digital skimming group) responsible for causing the cybersecurity compromise. Magecart is known to steal credit card numbers to sell on the dark web.
It is believed that the code was injected sometime last week. The American Cancer Society was made aware of the existence of the malicious code. The website took down the code soon after.
American Cancer Society is now one amongst a long list of big organizations to be a victim of high profile skimming incidents that have taken place this year.