Skimmers Are Stealing Credit Card Information From US Restaurants


If you eat out or are in the habit of ordering take-out on a regular basis, be aware.

Recently, a large, well-organized web-skimming campaign has been uncovered that allowed hackers to swipe the payment card details for more than 300 restaurants, impacting more than 50,000 customers.

Web skimmers, sometimes called Magecart malware, are bits of JavaScript that collect credit card data when shoppers enter it on the checkout page of an online payment portal.

This latest campaign was brought to light by researchers at Recorded Future, who noticed suspicious activity on the ordering portals of InTouchPOS, Harbortouch, and MenuDrive.

There have been two distinct campaigns so far, with the first one beginning on January 18 of 2022 and impacting 80 different restaurants using MenuDrive and another 74 that were utilizing Harbortouch’s platform.

Big chains don’t typically use platforms like these, so most of the impacted restaurants were small, local operations widely scattered across the United States.  In both campaigns just mentioned, the web skimmer malware code was discovered on the restaurant’s web pages and its subdomain on the payment portal’s platform.

In the case of Harbortouch, a single malicious script was used, while two different scripts were deployed against MenuDrive users.

The second campaign targeted InTouchPOS beginning on November 12 of 2021, but most of the actual attacks occurred in January 2022. Here, no details were stolen from the site itself; rather, the attackers overlaid a fake payment form on top of the legitimate one and harvested payment details that way.
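Both techniques described above, an injected script and a fake payment form laid over the real one, change what the checkout page loads, which a site owner can audit. The Python below is an added example, not code from Recorded Future or the affected platforms: it flags script, form and iframe targets outside an allowlist, plus inline scripts missing from an approved-hash baseline. The hosts, baseline and sample markup are constructed, and treating the overlay as an off-site iframe or form is an assumption.

```python
import hashlib
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse

# Hosts, hash baseline and markup are constructed for this example.
PAGE_URL = "https://order.restaurant.example/checkout"
ALLOWED_HOSTS = {"order.restaurant.example", "js.processor.example"}
APPROVED_INLINE = {hashlib.sha256(b"initCart();").hexdigest()}
WATCHED = {"script": "src", "form": "action", "iframe": "src"}  # assumed overlay carriers

class CheckoutAudit(HTMLParser):
    def __init__(self, page_url):
        super().__init__()
        self.page_url, self.findings, self._inline = page_url, [], None

    def handle_starttag(self, tag, attrs):
        if tag not in WATCHED:
            return
        target = dict(attrs).get(WATCHED[tag])
        if target:  # resolve relative URLs, then check the host
            host = urlparse(urljoin(self.page_url, target)).hostname
            if host not in ALLOWED_HOSTS:
                self.findings.append((tag, host))
        elif tag == "script":
            self._inline = []  # inline script: collect its text

    def handle_data(self, data):
        if self._inline is not None:
            self._inline.append(data)

    def handle_endtag(self, tag):
        if tag == "script" and self._inline is not None:
            body = "".join(self._inline).strip()
            digest = hashlib.sha256(body.encode()).hexdigest()
            if body and digest not in APPROVED_INLINE:
                self.findings.append(("inline-script", digest[:12]))
            self._inline = None

def audit(html, page_url=PAGE_URL):
    parser = CheckoutAudit(page_url)
    parser.feed(html)
    parser.close()
    return parser.findings

SAMPLE = """<script src="/static/menu.js"></script>
<script>initCart();</script>
<script src="https://cdn.metrics-cdn.example/loader.js"></script>
<form action="https://js.processor.example/pay"><input name="card"></form>
<iframe src="https://pay-form.example/overlay.html"></iframe>"""
```

On the constructed sample, `audit(SAMPLE)` reports the unapproved script host and the off-site iframe. Elements that a script adds after the page loads do not appear in static HTML, so this check complements a Content-Security-Policy rather than replacing one.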

Recorded Future reports that both campaigns appear to be ongoing, and the firm has alerted all impacted entities.  At the time this piece was written, they had not received a response back from anyone.

In any event, if you order online from a local eatery near you, keep a watchful eye on your account.  Your payment data may have been compromised.

Used with permission from Article Aggregator