What you need to know about formjacking

Formjacking has been a buzzword in the world of cyber security for the last year — but what is formjacking, and why do you need to be concerned about it?

Formjacking is a term we use to describe the use of malicious JavaScript code to steal credit card details and other information from payment forms on the checkout web pages of e-commerce sites.

Formjacking is not a new technique, but it attracted renewed interest in recent times due to a series of campaigns being carried out by an organization dubbed Magecart. Magecart was originally thought to be one group, but evidence has since emerged indicating that it is a number of groups all engaged in similar activity, with some of them, at least, in competition with one another.

The entity dubbed Magecart is believed to be behind many of the most high-profile formjacking attacks that have taken place in the last year, including attacks that affected household names like British Airways, Ticketmaster, and Newegg.

Symantec telemetry found that there were 4,818 unique websites compromised with formjacking code every month in 2018, with more than 3.7 million formjacking attempts in total blocked by Symantec in 2018. Attackers use the information they steal via formjacking to perform payment card fraud or sell these details to other criminals on the dark web. With data from a single credit card being sold for up to $45 on underground markets, the appeal of formjacking for cyber criminals is clear, and this sort of activity is likely to continue while it remains profitable for cyber criminals.

Learn more about formjacking in our explainer video:

Check out the Security Response blog and follow Threat Intel on Twitter to keep up-to-date with the latest happenings in the world of threat intelligence and cyber security.

Like this story? Recommend it by hitting the heart button so others on Medium see it, and follow Threat Intel on Medium for more great content.