Volusion (via Google Cloud Storage script)
Volusion e-commerce sites skimmed via script.
Over 29,500 e-commerce websites hosted on the Volusion platform were compromised when a malicious JavaScript file (volusion.js), hosted on a Google Cloud Storage bucket (storage.googleapis.com/volusionapi/resources/) used by Volusion, was modified. This script skimmed credit card information, exfiltrating it to gogogolo.com.
- Date
- 2019-10-07 to 2019-10-09
- Category
- Commercial
- Target Surface
- Distribution
- Insertion Phase
- distribution
- Impact
- Credential theft
- Cause
- Cloud storage compromise
What Was Affected
Package
Volusion (via Google Cloud Storage script)
Language
JavaScript
Component
Script
Artifact type
source archive
Domain type
CDN host
Domain
storage.googleapis.com
Incident Context
- Motive
- Financial gain
- Attribution
- Cybercriminal Gang
- Transitive
- Yes
- User Impact
- 29500
- Observed Duration
- 2 days
Evidence
Compromised Artifacts
- //storage.googleapis.com/volusionapi/resources/volusion.js
Current Artifacts and Analysis
- blog.trendmicro.com/trendlabs-security-intelligence/volusion-platform-compromised-by-magecart-attackers-to-skim-credit-card-details
- hxxps://www[.]gogogolo[.]com/pixel/pixel.js # Skimmer exfiltration domain
Source Data
Source record: proprietary/volusion/meta.yaml