American company Tupperware has just joined the list of private enterprises attacked by cybercriminals. In a security report, the company’s IT team revealed that a group of threat actors injected malicious code into their website to collect all user payment card data.
According to reports, this malicious code has been active on the company’s website for at least a week. A cybersecurity firm hired by Tupperware mentioned that the first signs of anomalous activity were reported last Friday, March 20, although the company did not respond to the first reports.
The threat actors used a malware variant to upload a fake payment form to the Tupperware website. Thus, every time users tried to make a purchase, they were actually sending their payment card data to a hacker-controlled address. Eventually, the criminals showed users an error window while the information was being extracted.
Among the information stolen from Tupperware customers are details such as:
- Full name
- Phone number
- Home address
- Card number
- Expiration date
- CVV key
So far Tupperware has not revealed additional details on the attack.
This type of malware is known as “skimmer” or Magecart scripts. It should be mentioned that the effectiveness of the attack varies depending on the region, as the fake form used by hackers is written in English, something very easy to detect for users in Spanish-speaking countries.
Because hundreds of millions of people are forcibly held in their homes, cybersecurity experts anticipate that it will increase the number of skimming scams, so users should stay on top of any possible attempts to skimming frauds.
He is a well-known expert in mobile security and malware analysis. He studied Computer Science at NYU and started working as a cyber security analyst in 2003. He is actively working as an anti-malware expert. He also worked for security companies like Kaspersky Lab. His everyday job includes researching about new malware and cyber security incidents. Also he has deep level of knowledge in mobile security and mobile vulnerabilities.