The Australian webstore of Puma continues to be infected by malware that exfiltrates customer details, with the multinational sports gear vendor not responding to alerts about the compromise.
Willem de Groot of security vendor Sanguine Security confirmed to iTnews that despite notifying Puma's Australian online e-commerce operation, the site continues to be infected by Magecart malware.
Magecart is a skimmer malware that targets vulnerable Magento webstores, and Sanguine Security detected the infection on April 25.
The 2.2 version of Magento running on Puma Australia's webstore appears to have been patched against a critical vulnerability as of yesterday, de Groot said.
That the webstore continues to serve up malware could be due to the attackers gaining access before the patch was applied. Attackers may also have exploited insecure third-party components such as marketing plug-ins, database management tools and accounting software to gain access to the core shop system, de Groot said.
In the case of Puma Australia, the malware sends sneaker-ordering customer details, including their names, addresses and credit card information, to a server registered on a network in Odessa.
The sophisticated Magecart malware targets 57 payment gateways around the world, including Pin Payments, eWAY Rapid, Fat Zebra, and Payment Express in Australia, de Groot said.
iTnews has contacted Puma Australia and the sports equipment vendor's German head office for comment.