The website of a gun manufacturing company, Smith & Wesson, was recently hacked when attackers injected it with a data retrieving code that was after credit card info.

According to recent data, anyone who recently purchased anything from the Smith & Wesson website — particularly around Black Friday — might be a victim of hackers. Security researchers recently discovered that the company’s site got infected by a malicious javascript code.

Stealing Credit Card Information

The purpose of the code is to steal user credit card information and forward it to attackers. Security experts believe that the code only appeared around November 27th. After that, the code remained active until yesterday, December 3rd.

The code was noticed by a fraud detection firm known as Sanguine Security, which noticed the ‘payment card skimming’ attack. The company reported that attackers used a Javascript program that runs whenever a US-based browser accesses the Smith & Wesson site.

Interestingly enough, the code doesn’t do much else, and it is mostly dormant until the user completes their browsing and moves on to make a purchase. In other words, the code only activates at the checkout, when it records the payment card data and sends it to the hacker.

Experts Found a Number of Similar Attacks

This is far from being the first attack of this kind. A similar incident happened only a month ago, at Macy’s. Once again, the attacker infected the company’s website with a code that focused on the checkout page.

Meanwhile, Sanguine Security’s Willem de Groot confirmed that the same hackers that targeted Smith & Wesson also attempted to infect dozens of other sites. He also noted that attackers are using numerous tactics and vulnerabilities to access secured websites, such as the flaw in Magento e-commerce software.

Another interesting detail is that hackers that hit Smith & Wesson used Sanguine Security’s name to pull off their attacks. The company’s name was used on two domains that were hosting the code — sanguinelab.net and sansec.us. Not only that, but hackers even used de Groot’s name to register the second of the two domains.

What are your thoughts regarding the incident? Have you used Smith & Wesson’s website around Black Friday? Let us know what you think of the attacks in the comments section below.


Images are courtesy of Shutterstock, Twitter, Pixabay.

Follow Author

Want to know more?

Join our Telegram Group and get trading signals, a free trading course and daily communication with crypto fans!

This site uses cookies.
Click here to accept the use of these cookies. View our cookie policy

We are discussing it in our Telegram Channel

Join

Free crypto community in our Telegram Channel

Join Now

We are discussing it in our Telegram Channel

Join

We are discussing it in our Telegram Channel

Join