Expert researchers at cybersecurity firm RiskIQ have discovered an online attack aimed at NutriBullet’s dedicated website.
The attack, of the kind known as a Magecart attack, involved the successful installation of malware designed to steal payment card details. The researchers identified three separate attacks against the company, which sells food blenders, in as many weeks.
Card skimming tactics employed against NutriBullet
According to RiskIQ, its team tried to warn NutriBullet of the attacks through the blender vendor’s support channel and by contacting NutriBullet’s chiefs on LinkedIn. After receiving no reply to its urgent alerts, RiskIQ chose to act itself. The cybersecurity firm led a takedown of the malicious exfiltration domain that the Magecart gang was using to harvest the stolen payment card data. It did this with assistance from the not-for-profit anti-malware organizations Shadowserver and abuse.ch.
The unwelcome return of Magecart Group 8
Experts at RiskIQ explained that the card skimming malware had been taken off NutriBullet’s website on March 1st following the domain takedown, but by March 7th the Magecart gang had hit again, implanting a second copy of the skimmer and establishing a new domain. Once more without any help from NutriBullet, the security firm worked with its non-profit partners to intercept the gang’s card-skimming operation.
In light of this second attack, RiskIQ kept a vigilant watch on NutriBullet’s eCommerce site. That vigilance paid off on March 10th, when the Magecart gang returned for yet another attack using the same card skimming strategy.
The cybersecurity firm immediately contacted the blender vendor through its PR agency to raise the alarm. NutriBullet has now made a public statement commenting on the incident:
“NutriBullet takes cybersecurity and personal privacy extremely seriously and is dedicated to the protection of our customers. Our IT team immediately sprang into action this morning (3/17/20) upon first learning from RiskIQ about a possible breach. The company’s IT team promptly identified malicious code and removed it. We have launched forensic investigations to determine how the code was compromised and have updated our security policies and credentials to include Multi-Factor Authentication as a further precaution. Our team will work closely with outside cybersecurity specialists to prevent further incursions. We thank RiskIQ for bringing this issue to our attention.”
Experts believe that Magecart attacks are not only likely to remain prevalent on the cyber threat landscape but will undoubtedly evolve too, becoming ever more sophisticated.