Three restaurant ordering platforms, MenuDrive, Harbortouch, and InTouchPOS, were the target of two Magecart skimming campaigns that resulted in the compromise of at least 311 restaurants.
(Magecart is the umbrella term security researchers use for at least 11 different hacker groups that specialize in planting malicious code on e-commerce websites to quietly steal customers' payment information.)
The trio of breaches has led to the theft of more than 50,000 payment card records from these infected restaurants, which were then posted for sale on the dark web.
"The online ordering platforms MenuDrive and Harbortouch were targeted by the same Magecart campaign, resulting in e-skimmer infections on 80 restaurants using MenuDrive and 74 using Harbortouch," cybersecurity firm Recorded Future revealed in a report.
"InTouchPOS was targeted by a separate, unrelated Magecart campaign, resulting in e-skimmer infections on 157 restaurants using the platform."
Magecart actors have a history of infecting e-commerce websites with JavaScript skimmers to steal online shoppers' payment card data, billing information, and other personally identifiable information (PII).
The first set of activities is believed to have started around January 18, 2022, and continued until the malicious domain used in the campaign was blocked on May 26. The InTouchPOS campaign, on the other hand, has remained active since November 12, 2021.
It's worth noting that the data exfiltration domain used in the infections of MenuDrive and Harbortouch has also been identified by the U.S. Federal Bureau of Investigation (FBI) in a May 2022 flash alert.
The attacks entail inserting malicious PHP code into the businesses' online checkout pages by taking advantage of known security flaws in the services to scrape and transmit the customer data to a server under the attacker's control.
The idea is that when even a single online ordering platform is attacked, dozens or even hundreds of restaurants can have their transactions compromised, which enables "cybercriminals to steal vast amounts of customer payment card data disproportionate to the number of systems they actually hack."
The development is significant for a number of reasons. First, the intrusions are a departure from the threat actor's traditional targeting of the Magento e-commerce platform, a fact exemplified by the uptick in skimmer attacks aimed at a WordPress plugin named WooCommerce.
Furthermore, it serves to highlight how Magecart campaigns are now singling out small, local restaurants that rely on third-party software from lesser-known online ordering services in lieu of designing their own checkout web pages, effectively widening the pool of attack vectors.
"Centralized ordering platforms servicing multiple merchants offer a unique opportunity for Magecart threat actors to collect customer PII and payment card data," the researchers said. "Cybercriminals' increasing interest in targeting online ordering platforms represents a new dimension of risk for restaurants."
This article was translated from:
https://thehackernews.com/2022/07/magecart-hacks-online-food-ordering.html