Expert researchers at cybersecurity firm RiskIQ have discovered an online attack aimed at NutriBullet’s dedicated website.

The cyber-assault, known as a Magecart attack, involved the successful installation of malware designed to steal payment card details. The researchers identified three separate attacks against the company, which sells food blenders, in as many weeks.

Card skimming tactics employed against NutriBullet

According to RiskIQ researchers, the newly revealed attacks seem to have begun around late February this year. The cybersecurity firm identified the threat operators responsible for installing the skimming software on NutriBullet.com as Magecart Group 8. The malware used in the trio of attacks is a JavaScript skimmer, a form of malware that RiskIQ has observed Magecart Group 8 operators employing from 2018 onwards. Magecart Group’s insidious activities have been going on for far longer, however, and it has been credited with multiple attacks against well-known brands dating back to 2016.

According to RiskIQ, its team tried to warn NutriBullet of the attacks through the blender vendor’s support channel and by contacting NutriBullet’s chiefs on LinkedIn. However, after receiving no reply to its urgent alerts, RiskIQ chose to act itself. The cybersecurity firm launched and headed a takedown of the malicious data-exfiltration domain that the Magecart gang was using to harvest the stolen payment card data. It did this with assistance from not-for-profit anti-malware champions ShadowServer and AbuseCH.

The unwelcome return of Magecart Group 8

Experts at RiskIQ explained that the card skimming malware had been taken off NutriBullet’s website on March 1st following the domain takedown, but by March 7th the Magecart gang had hit again, implanting a second dose of the skimmer and establishing a new domain. Once more without any help from NutriBullet, the security firm worked with its non-profit partners to intercept the gang’s payment-detail-stealing setup.

In light of this second attack, RiskIQ kept a vigilant watch on NutriBullet’s eCommerce site. That dedication and commitment were rewarded on March 10th, when the Magecart gang returned for yet another attack using the same card skimming strategy.

The cybersecurity firm immediately contacted the blender vendor through its PR agency to raise the alarm. NutriBullet has now made a public statement commenting on the incident:

“NutriBullet takes cybersecurity and personal privacy extremely seriously and is dedicated to the protection of our customers. Our IT team immediately sprang into action this morning (3/17/20) upon first learning from RiskIQ about a possible breach. The company’s IT team promptly identified malicious code and removed it. We have launched forensic investigations to determine how the code was compromised and have updated our security policies and credentials to include Multi-Factor Authentication as a further precaution. Our team will work closely with outside cybersecurity specialists to prevent further incursions. We thank RiskIQ for bringing this issue to our attention.”

Experts believe that Magecart attacks are not only likely to remain prevalent on the cyber threat landscape but will undoubtedly evolve too, becoming ever more sophisticated.