Attackers secretly injected a skimmer into Everlast's official website

The payment details of hundreds of thousands of people have been stolen, but the threat has not yet been eliminated.

The well-known American sports equipment brand Everlast, which specializes in boxing and mixed martial arts products, has been subjected to a cyberattack. Hackers from a group linked to the largest online bank robbery in history have secretly stolen credit card information from customers of the company's online store.

Cybersecurity researchers found that cybercriminals had planted a malicious skimmer on the company's official website, everlast.com, which intercepted users' confidential data during online payments. The vulnerability has not yet been fixed.

Customers who have recently purchased from Everlast are advised to take immediate steps to protect their data. At a minimum, they should have the card they used to pay on the site reissued.

Attackers actively used the skimmer for at least three weeks until this Monday. The malicious code was first discovered on July 11th. However, the compromise could have lasted longer, as the closest saved copy of the site without the Trojan is dated June 7th.

Experts believe that hackers from the Magecart group, which we have written about before, are responsible for the attack on Everlast. Apparently, this group is somehow connected with the Cobalt Group, which in turn is connected with Carbanak, a group of cybercriminals known for stealing from ATMs and payment systems.

The Everlast website has over 280,000 monthly visitors, mostly from the US (59%), UK (10%), Vietnam (3%), France (3%) and Germany (2%). The brand is owned by the Frasers Group (formerly Sports Direct International) and is represented in more than 75 countries.

The attack on Everlast consisted of two stages. First, a fragment was injected into the code of the site "everlast.com", causing the download of the malicious JavaScript file "bootstrap.js" from another site, "cardkaze.com".

Then, during checkout, the skimmer itself was loaded. It tracked user actions and intercepted card data as the customer paid. This information was sent to the attackers via Telegram and included the following data:
  • email;
  • name / surname of the victim;
  • phone number;
  • full home address;
  • card number;
  • card expiry date;
  • three-digit CVC code of the card.

The hackers masked the malicious code by loading it from other sites. In addition, the script is heavily encrypted and obfuscated, which makes it difficult to detect.

Data stolen from victims' accounts can now be used for financial fraud and unauthorized transactions.

Everlast buyers should immediately contact their bank, block the card and get a new one. They should also carefully examine their statements for suspicious transactions. If fraudulent transactions are detected, they should be reported to law enforcement agencies.

Everlast, in turn, should identify the source of data leakage and eliminate it, change compromised credentials and strengthen security measures. Only an integrated approach will prevent the recurrence of this incident in the future.
 