The latest attack takes aim at a vertical-specific e-commerce platform.
Blue Bear Software, an administration and e-commerce platform for K-12 schools and other educational institutions, is warning its customers that it has suffered a Magecart attack.
Blue Bear’s platform enables management of school accounting, student fees and online stores. In a letter to those affected (obtained by Bleeping Computer), the vendor’s parent company, Active Networks, said that anyone who had purchased items from a school webstore that was powered by its platform are potentially affected.
Magecart is an umbrella term encompassing several different threat groups who typically use the same modus operandi: They compromise websites by exploiting vulnerabilities in third-party e-commerce platforms, in order to inject card-skimming scripts on checkout pages.