Kevin Beaumont I tweet the weird (cybersecurity) stuff. Won “Best EU Security Tweeter" at #infosec18. Porg lover 💖 Tweets my own, not my employer. [email protected] Sep. 11, 2018 1 min read

Well crap. It looks like JavaScript library Feedify got owned and were serving Magecart 😬 any comment @_Feedify?

Check out the regex, looking for generic checkout processes 😬

The Feedify thing is real, I've put in some YARA rules on web browsing threat intel feeds and it doesn't look like this is an isolated library either. Fun. Now I'm off to play Call of Duty and drink beer while I realise breaches are coming.

For anybody who missed it, the Feedify Javascript library was compromised with code mirroring Magecart, which steals credit cards. @_Feedify quietly fixed it, haven't notified anybody and aren't responding to press. Feedify are embedded in thousands of ecommerce websites.

The Magecart code is back in @_Feedify's shared Javascript library again. All vendors (e-commerce, hotels etc) need to remove this JavaScript link ASAP from their stores as Feedify are clearly compromised.


You can follow Kevin Beaumont.

____
Tip: mention @threader_app on a Twitter thread with the keyword “compile” to get a link to it.

Support Threader on Patreon.