Online poker websites have now become the latest targets of Magecart hackers. According to a recent report from Malwarebytes, credit card skimmers have begun infesting poker web domains, putting player security in jeopardy.
The first two web poker domains infiltrated by the cybercriminals are related to the PokerTracker software application used by players to improve their chances of winning. Jerome Segura, director of threat intelligence at Malwarebytes said the app’s user interface shows infected web pages, posing serious risks to poker players and enthusiasts who are either using the PokerTracker app or visiting the affected websites related to PokerTracker.
These cybercriminals are part of a consortium of malicious hacker groups known as “Magecart“. They usually target e-commerce websites empowered by the Magento open-source platform and steal sensitive data entered by customers into online shopping cart systems. The fact that they have now managed to infiltrate poker web domains that use a different content management network shows that they have now become more sophisticated in carrying out their attacks.
The process enables them to inject the skimmer which then copies private data to a malicious domain. The said domain hosts multiple skimmers that are customized according to their target websites.
Poker Sites Should Update Their CMS
Magecart hackers are known to attack e-commerce checkout pages, but the latest discovery was unusual as the web pages affected were not necessarily online shopping sites. It appears that websites using old CMS versions are the most likely to be targeted.
The owners of PokerTracker have since fixed the Drupal issue to prevent similar incidents in the future, but it should serve as warning for other poker websites out there to regularly update their CMS to safeguard their systems from such attacks.
Introducing tighter content security policies is not enough as it does not have the ability to track unreliable third-party scripts being brought in on the site. Online Poker websites should perform consistent monitoring of all scripts running on their websites and make sure that only those authorised are being allowed to execute.