50k credit cards stolen from 300 U.S. restaurants using skimmers
On Tuesday, payment card details from customers of more than 300 U.S. restaurants have been stolen in two web-skimming campaigns targeting three online ordering platforms.
Web-skimmers, or Magecart malware, are usually JavaScript code that collects credit card data when online shoppers type it on the checkout page.
According to Bleeping Computer, Recorded Future’s threat detection tools recently identified two Magecart campaigns injecting malicious code into the online ordering portals of MenuDrive, Harbortouch, and InTouchPOS.
As a result, 50,000 credit cards were stolen and have already been put up for sale on various marketplaces on the dark web.
The first campaign began on January 18, 2022, and struck 80 restaurants using MenuDrive and 74 using the Harbortouch platform.
Many of these restaurants were small local establishments across the U.S. using the platform as a cost-efficient alternative to outsourcing the online ordering process.
On both platforms, the web skimmer was inserted into the restaurant’s web pages and its assigned subdomain on the online payment service’s platform.
“The malware deployed for MenuDrive used two scripts, one for snatching the payment card data and another for collecting the cardholder’s name, email address, and phone number, achieved by attaching to the ‘onmousedown’ event and ‘responding to clicks of multiple buttons during the account creation and checkout process’,” a source said, as per Bleeping Computer.
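A defender-side check for the injection pattern described above, as an added example that is not from the article, Bleeping Computer or Recorded Future: it audits a page's HTML for script origins outside an allowlist and for mousedown hooks. The hostnames, the sample markup and the function name `auditCheckoutPage` are constructed for illustration.

```javascript
// Added example: audit a checkout page's HTML for script sources outside an
// allowlist and for mousedown hooks. All hostnames and markup are constructed.
const SAMPLE_HTML = `
<html><body>
  <script src="/js/checkout.js"></script>
  <script src="https://static.ordering-platform.example/cart.js"></script>
  <script src="https://cdn.unknown-host.example/a.js"></script>
  <script>document.querySelector('#pay').onmousedown = sendForm;</script>
  <button id="pay" onmousedown="track()">Place order</button>
</body></html>`;

function auditCheckoutPage(html, pageUrl, allowedOrigins) {
  const findings = [];
  // The page's own origin is always allowed; everything else must be listed.
  const allowed = new Set([new URL(pageUrl).origin, ...allowedOrigins]);

  // Each <script ...>body</script>: capture the attributes and the inline body.
  const scriptRe = /<script\b([^>]*)>([\s\S]*?)<\/script\s*>/gi;
  for (const [, attrs, body] of html.matchAll(scriptRe)) {
    const src = /\bsrc\s*=\s*["']?([^"'\s>]+)/i.exec(attrs);
    if (src) {
      let origin;
      try { origin = new URL(src[1], pageUrl).origin; } catch { origin = "invalid"; }
      if (!allowed.has(origin)) {
        findings.push({ type: "unlisted-script-origin", detail: origin });
      }
    } else if (/\.onmousedown\s*=|addEventListener\s*\(\s*["']mousedown["']/.test(body)) {
      // Inline script that hooks mousedown: flag it for manual review.
      findings.push({ type: "inline-mousedown-hook", detail: body.trim().slice(0, 60) });
    }
  }

  // Inline handler attributes on elements, e.g. <button onmousedown="...">.
  const attrRe = /<(\w+)\b[^>]*\sonmousedown\s*=/gi;
  for (const [, tag] of html.matchAll(attrRe)) {
    findings.push({ type: "onmousedown-attribute", detail: tag.toLowerCase() });
  }
  return findings;
}

console.log(auditCheckoutPage(SAMPLE_HTML,
  "https://order.restaurant.example/checkout",
  ["https://static.ordering-platform.example"]));
```

Mousedown handlers also appear in legitimate code, so these findings are prompts for review against a known-good copy of the page, not verdicts.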