Thousands of ecom checkouts compromised.

May 01 2023

Gone Phishing Banner

Welcome to Gone Phishing, your daily cybersecurity newsletter that’s ‘blowing up like the World Trade’ ???? Thanks for the subs y’all!

Today’s hottest cyber security stories:

  • Introducing ‘Madgecart’: Coming to a payment screen near you… Unfortunately ????
  • Cybercriminals are gunning for UK rifle owners’ data. Wonder why ????
  • Italy’s ban on ChatGPT sleeps with the fishes. Huh? They lifted the ban. Geez ????


We know what you’re thinking: what the hell is a ‘Madgecart’? Our thoughts exactly. But hold on, we’ll get to that.

So, an ongoing Magecart campaign has attracted the attention of cybersecurity researchers for leveraging realistic-looking fake payment screens to capture sensitive data entered by unsuspecting users.

What is Madgecart?

The term Magecart is essentially a catch-all term that refers to several cybercrime groups which employ online skimming techniques to steal personal data from websites – most commonly, customer details and payment information on e-commerce websites.

If you’ve done much shopping online, you’ll no-doubt have seen one of these dialogue boxes pop up during the payment processing phase of the transaction. Often the name of your bank will appear in the corner and it may ask for some additional verification. That’s the point when the scam (or ‘skim’) takes place.

As you can imagine, the quality of these phishing attempts varies considerably. This latest one is pretty convincing, by all accounts, which is why we’ve deemed it necessary to draw your attention to it. We’re nice like that ????

Indeed, Jérôme Segura, director of threat intelligence at Malwarebytes, said: “The threat actor used original logos from the compromised store and customise a web element known as a modal to perfectly hijack the checkout page.

“The remarkable thing here is that the skimmer looks more authentic than the original payment page.”

These guys aren’t messing about. They’ve done homework and, as a result, have been able to convincingly implement their web skimmer on more than 70,000 stores! We told you they weren’t messing about!

The latest iteration, as observed by Malwarebytes on an unnamed Parisian travel accessory store running on the PrestaShop CMS, involved the injection of a skimmer called Kritec to intercept the checkout process and display a fake payment dialog to victims.

Once the payment card details are harvested, a fake error message about payment cancellation is briefly displayed to the victim before redirecting to the actual payment page, at which point the payment will go through.

“Discerning whether an online store is trustworthy has become very difficult and this case is a good example of a skimmer that would not raise any suspicion,” Segura said.

There’s not a lot users can do to actively evade these sorts of scams. As Segura said, the skimmer can look ‘even more authentic than the original payment page’.

So, all we can really do is put our faith (hope!?) in the cybersecurity experts who thankfully seem up to the challenge.

Still, unnerving nonetheless! Stay safe out there!


This one’s a bit scary. A recent cyberattack has successfully targeted and harvested data from members of the UK’s National Smallbore Rifle Association (NSRA).

Yep, British gun owners have found themselves in a bit of a sticky trigger finger situation! Apparently, the police are investigating the cyber-attack that could potentially affect thousands of them. That’s right, folks, these criminals have managed to harvest addresses of UK residents with guns.

The National Crime Agency (NCA) is taking this seriously and trying to figure out just how much trouble these gun owners are in. The National Smallbore Rifle Association (NSRA) confirmed that some of its members’ data had been compromised, which is never a good thing.

On the bright side, the rifle owners’ organisation is doing its part by sharing the details of the attack with local firearms police officers. They’re also urging anyone with security concerns to contact the police ASAP. So, let’s hope these gun owners stay safe and sound, and that the NCA and South East Regional Organised Cybercrime Unit (SEROCU) can sort this whole mess out.

At least when the criminals come knocking, the targets will be able to protect themselves… Though maybe not legal in the UK. #GunReformUK… Lol, just kidding.


Italy recently banned OpenAI’s fiendishly popular ChatGPT (more like CheatGPT, eh highschoolers?) over data concerns but have now lifted the ban.

Apparently, OpenAI’s CEO, Sam Altman, just couldn’t contain his excitement when he tweeted: “we’re excited ChatGPT is available in [Italy] again!”.

Italy’s data protection authority, Garante, got a little too paranoid and temporarily blocked access to ChatGPT on March 31, 2023. They were worried that OpenAI’s practices might violate some data protection laws.

But fear not, because OpenAI has met Garante’s demands and is back in action just in time for the April 30, 2023 deadline.

So, if you’re in Italy and feeling lonely, just fire up ChatGPT and have a conversation about life, love, and the pursuit of happiness.

Who needs real friends when you have a virtual buddy that can talk about anything and everything?

So long and thanks for reading all the phish!

Recent articles