Over the past weeks, Australia and the entire world have learned about the massive Australia bush-fire, which has burned an estimated 18.6 million hectares (46 million acres), destroyed over 5,900 buildings (including approximately 2,683 homes) and killed at least 29 people.
Before and After of Australia Bush fire
The toll takes a massive jump as an estimated one billion animals were also killed, and some endangered species may be driven to extinction. At this point, Australians and people from around the globe are contributing as much as they can to speed up the relief process.
Before and After of Australia Bush Fire
While concerned individuals are donating as much as they can, cybercriminals are using this tragedy to exploit people who are helping and those who are on the receiving end.
Before and After of Australia Bush fire
Cybercriminals Escalating the Pain
While Australia continues to burn, malicious actors and cybercriminals aren’t shying away from showing their inhumane side.
Cybercriminals have hijacked the fundraising websites that are created to raise funds for the victims of the Australian Bush Fires.
A legitimate donation collecting website has been compromised by a #Magecart script. Via @CISOMAG https://t.co/HN6TV9sfTX
— Malwarebytes (@Malwarebytes) January 13, 2020
The attack cybercriminals are using is called Magecart. First, hackers inject malicious Javascript into the e-commerce or checkout pages of donation sites. These malicious scripts are being used to steal all the credit cards and submitted information and then sent them to the other websites, which are, of course, controlled by cybercriminals or hackers.
Magecart attack is targeting e-commerce and donation sites by injecting the malicious credit card skimmer script called ATMZOW into the site carts. Then all the credit card along with the submitted information is sent to the domain which is controlled by the hackers.
The steganography-based skimmer is the first documented #skimmer to use this technique, which commonly involves hiding code within harmless-looking imagery. @BBB1216BBB via @SCMagazine https://t.co/7YVHsllTbW
— Malwarebytes (@Malwarebytes) January 6, 2020
According to Malwarebytes Jérôme Segura, the compromised sites have been shut down so that no one can be affected. But as the malicious code is still active on the website, then hackers could modify the site and then again start to collect the payments from the donors.
Final Word
This tragic incident and the further trauma of dealing with these ill-intended cybercriminals is the last thing you expect in a situation like this where the entire world regrets this massive natural disaster.
This event sheds light on the digital realm that similar to how the real world is vulnerable to disasters, so is the online world. The hacking incidents at this most sensitive time beg for users to be aware of their digital presence and secure it before falling victim to prey.
While humans, flora, and fauna are devastated economically, psychologically, and most of them have even lost their loved ones. Keeping them away from donations by stealing them is the last nail in the coffins.
