Company specialists Malwarebytes warned that the site of the American company Tupperware, widely known in the world as a manufacturer of plastic food containers, was hacked and stole the data of bank cards of visitors. Tupperware is on the Alexa Top 100,000 Most Popular Sites, with an average of about 1 million people visiting it per month.
Researchers write that the web skimmer worked on the site for a while: for the first time, malicious code was noticed last Friday, March 20, 2020, but all attempts to notify Tupperware representatives about what was happening went unanswered. Hack worked thanks froma PNG image posted by criminals on the Tupperware website. Using steganography to hide the malicious code inside the image (and thereby avoid detection), the criminals uploaded an exploit to the company's website on or about March 9th.
Penetrating the resource, the malware imitated the official form of payment for the company. So, every time a user initiates a payment, the malicious code created an iframe that displayed a cloned payment form that disguised itself as the original Tupperware VISA CyberSource form. This form collected the information entered by the user (name and surname, billing address, phone number, bank card number, expiration date and CVV code), and then sent this data to the remote attackers server.
This iframe extracted content from deskofhelp (.) Com, which, according to experts, is registered at email@example.com.
“The criminals thought of their attack in such a way that buyers first entered the data in a fraudulent iframe, and then immediately saw an error disguised as a session timeout,” says Malwarebytes expert Jérôme Segura. – This allowed attackers to reload the page, this time with a legitimate form of payment. The victims re-entered their information, but by this time the data theft has already occurred. ”
According to the researcher, the malicious code was launched on pages in other languages, however, the malicious form was easy to detect, since the Tupperware website switched to the local language, and the malicious form was still displayed in English.
Currently malicious code was removed from the pages of the company’s website, however, while Tupperware representatives have not made official statements and have not commented on the Malwarebytes report.