image
Cybercriminals hacked the official website of Tupperware, the popular food container giant, injecting a payment card skimmer into its checkout page in hopes of stealing the credit-card details of online customers. The attackers targeted the official Tupperware[.]com website, which averages close to one million monthly visits, as well as various localized versions of the site. Researchers said they first identified the skimmer on March 20 — but there’s no indication of how long the site was compromised before that. Though Tupperware never responded to multiple attempts at contact by researchers, as of March 25, after research was publicly disclosed detailing the card skimmer, the malicious code was removed from the homepage. “Threat actors compromised the official tupperware[.]com site…by hiding malicious code within an image file that activates a fraudulent payment form during the checkout process,” said researchers with Malwarebytes, in a Wednesday post. “This form collects customer-payment data via a digital credit card skimmer and passes it on to the cybercriminals, with Tupperware shoppers none-the-wiser.” Researchers first came across the card skimmer during a web crawl, when they identified a suspicious iframe — responsible for displaying the payment form fields presented to online shoppers — that was loaded on the Tupperware[.]com checkout page. Researchers said the iframe was loaded from deskofhelp[.]com, raising a few red flags. First, the webpage was newly…

Source