{ "id": "71796b0d-9763-49f7-bcb6-bae5d2c0e674", "created_at": "2026-04-06T00:13:34.806362Z", "updated_at": "2026-04-10T03:24:11.869556Z", "deleted_at": null, "sha1_hash": "b70bd0a2905180f48da69433e07a9c823951672d", "title": "Feedify Hacked with Magecart Information Stealing Script", "llm_title": "", "authors": "", "file_creation_date": "0001-01-01T00:00:00Z", "file_modification_date": "0001-01-01T00:00:00Z", "file_size": 5179682, "plain_text": "Feedify Hacked with Magecart Information Stealing Script\r\nBy Lawrence Abrams\r\nPublished: 2018-09-12 · Archived: 2026-04-05 15:11:11 UTC\r\nA script used by the customer engagement service Feedify has been hacked to include the malicious MageCart script.\r\nMageCart is malicious code used by attackers to steal credit card details and other information from e-commerce sites when\r\na user submits a form.\r\nIn order to use the Feedify service, e-commerce sites need to add a Feedify JavaScript script to their site. If the\r\nFeedify script is compromised with MageCart, any visitors who go to e-commerce site that uses the Feedify script will also\r\nload the malicious code.\r\nThis hack was first noticed by a security researcher named Placebo who posted about it yesterday on Twitter. When Placebo\r\nposted about it, MageCart had already been removed from the Feedify script.\r\nhttps://www.bleepingcomputer.com/news/security/feedify-hacked-with-magecart-information-stealing-script/\r\nPage 1 of 5\n\n0:00\r\nhttps://www.bleepingcomputer.com/news/security/feedify-hacked-with-magecart-information-stealing-script/\r\nPage 2 of 5\n\nVisit Advertiser websiteGO TO PAGE\r\nWhen researching this story, I created a Feedify account to test what scripts their customers were being instructed to add.\r\nWhen testing the service, customers are instructed to add the following snippet of code to their site.\r\nCaption\r\nWhen examining the https://cdn.feedify.net/getjs/feedbackembad-min-1.0.js script, though, I saw that MageCart was still\r\nembedded in the script as shown by the highlighted section below.\r\nCaption\r\nA partial deobfuscation of the script shows that any submitted information will be sent to the URL https://info-stat.ws/js/slider.js.\r\nhttps://www.bleepingcomputer.com/news/security/feedify-hacked-with-magecart-information-stealing-script/\r\nPage 3 of 5\n\nCaption\r\nTo confirm that this was indeed MageCart, I contacted Yonathan Klijnsma of RiskIQ who further confirmed that the Feedify\r\nscript was still compromised. Klijnsma told BleepingComputer that the script had been reinfected 15 minutes prior to my\r\ncontacting him. \r\nCurrently the malicious code has been removed from the https://feedify.net/getjs/feedbackembad-min-1.0.js, but it is still\r\npresent in https://cdn.feedify.net/getjs/feedbackembad-min-1.0.js.\r\nBleepingComputer has contacted Feedify for further information, but has not received a response at the time of this\r\npublication.\r\nMageCart used in recent British Airways hack\r\nRiskIQ also discovered that a script used by British Airways was also recently compromised by the MageCart script. This\r\nallowed attackers to steal payment and other sensitive information from approximately 380,000 individuals.\r\nhttps://www.bleepingcomputer.com/news/security/feedify-hacked-with-magecart-information-stealing-script/\r\nPage 4 of 5\n\nIn the British Airways hack, the compromised script was the Modernizr JavaScript library, which airline's site was using.\r\nAutomated Pentesting Covers Only 1 of 6 Surfaces.\r\nAutomated pentesting proves the path exists. BAS proves whether your controls stop it. Most teams run one without the\r\nother.\r\nThis whitepaper maps six validation surfaces, shows where coverage ends, and provides practitioners with three diagnostic\r\nquestions for any tool evaluation.\r\nSource: https://www.bleepingcomputer.com/news/security/feedify-hacked-with-magecart-information-stealing-script/\r\nhttps://www.bleepingcomputer.com/news/security/feedify-hacked-with-magecart-information-stealing-script/\r\nPage 5 of 5", "extraction_quality": 1, "language": "EN", "sources": [ "Malpedia", "MISPGALAXY" ], "references": [ "https://www.bleepingcomputer.com/news/security/feedify-hacked-with-magecart-information-stealing-script/" ], "report_names": [ "feedify-hacked-with-magecart-information-stealing-script" ], "threat_actors": [ { "id": "5a0483f5-09b3-4673-bb5a-56d41eaf91ed", "created_at": "2023-01-06T13:46:38.814104Z", "updated_at": "2026-04-10T02:00:03.110104Z", "deleted_at": null, "main_name": "MageCart", "aliases": [], "source_name": "MISPGALAXY:MageCart", "tools": [], "source_id": "MISPGALAXY", "reports": null } ], "ts_created_at": 1775434414, "ts_updated_at": 1775791451, "ts_creation_date": 0, "ts_modification_date": 0, "files": { "pdf": "https://archive.orkl.eu/b70bd0a2905180f48da69433e07a9c823951672d.pdf", "text": "https://archive.orkl.eu/b70bd0a2905180f48da69433e07a9c823951672d.txt", "img": "https://archive.orkl.eu/b70bd0a2905180f48da69433e07a9c823951672d.jpg" } }