Sneakerheads met an unwelcome surprise last month: a “large-scale hacking operation” targeting counterfeit sneaker sites.
Malwarebytes Labs, a company committed to protecting consumers from malware, recently discovered malicious scripts called “Magecart attacks” installed on hundreds of counterfeit sneaker sites.
These scripts scan credit card information from buyers and send them to a remote server operated by hackers.
“We recently identified a credit card skimmer injected into hundreds of fraudulent sites selling brand name shoes,” Malwarebytes Labs explains, “unfortunate shoppers may not only be disappointed with the faux merchandise, but they will also relinquish their personal and financial data to Magecart fraudsters.”
How do they do this?
First, hackers promote these infected counterfeit sites through posts and forums that direct unsuspecting users back to the site. It’s here that consumers find Nike shoes once offered at $2,000 now selling for $134.
“To avoid falling into one of their traps, there are a couple of simple steps you can take,” Forbes’ Lee Mathews explains, “for starters, remind yourself that if something seems too good to be true, it probably is. Online counterfeiters tend to promise jaw-dropping discounts on highly sought-after items that often command a premium.”
To protect yourself from this kind of attack, Mathews suggests installing a browser extension to detect and block malicious scripts. Malwarebytes Labs offers one here.
Where to find more info.
To check the full list of compromised stores, visit Malwarebytes’ blog.