The website of Canadian liquor distributor LCBO (Liquor Control Board of Ontario) was recently discovered to be infected with a web skimmer. This malicious code was designed to steal customers’ personal and payment card data during the checkout process. The security researchers at Sucuri, a cloud-based website security solutions provider, found that the attack was being operated by a group of threat actors identified as “LovGate.”
When Sucuri analyzed the malicious code, they were able to determine how the attackers were exfiltrating the stolen data. The code also included URLs pointing to other domains, which were used to obfuscate the malicious activities. The attack was primarily affecting customers located in the Northeastern province of Ontario.
The malicious skimmer code is designed to prevent customers from benefiting from the normal checkout process, such as being able to cancel orders or return products. It does this by injecting malicious code directly into the website, where it is executed when the customer completes their purchase. Once executed, the code extracts personal information, such as billing and shipping addresses, as well as payment card details. It is not clear how long the malicious code had been active on the site before it was discovered.
Sucuri has urged all customers who have visited the site between the time of the attack and the time it was discovered to check and make sure that their payment card details have not been stolen. They also recommend changing their passwords to prevent any further data from being stolen, as well as keeping a close watch over their online statements and credit reports to ensure that they are not impacted by any further fraudulent activities.
SecurityWeek has reached out to LCBO for further comment but has yet to receive a response. It is not known at this time if the LCBO website has been completely cleaned of the malicious code or if the attackers have been able to steal any personal data.
This Cyber News was published on www.securityweek.com. Publication date: Sun, 22 Jan 2023 10:48:00 +0000