Categories: Ad Guardian PlusNews

Malware hits Euro Cup and Olympics Ticket Reseller

 JavaScript that steals payment card data hit a re-seller of tickets for Euro Cup and Olympics. The code survived for at least 50 days on one of the websites. On the other one, it lasted for two weeks. This ended due to the intervention of two security specialists.

The code which steals card credentials from online stores at checkout is MageCart. The name comes from the fact it initially targeted sites running Magento e-commerce platform.

Jacob Pimental discovered the skimmer on the secondary ticket market OlympicTickets2020.com. The skimmer was hiding in a legitimate library – Slippry. It went active when the slider loaded. The malicious code was planted in the library in an obscure form.

After he had met the loader code responsible for launching the skimmer in March 2019, Max Kersten, a security researcher, helped Pimental. “The structure of the loader is, aside from the random variable names and script content, exactly the same,” Kersten wrote in a post.

Pimental discovered that specific keywords triggered the script. Thus, these were usually associated with a payment page: onepage, checkout, store, cart, pay, order, basket, billing, order. “If it finds any of those keywords in the website, it will send the information in the credit card form to opendoorcdn[.]com,” he wrote in a post.

The altered Slippry did not load from a third-party location that could have been compromised. So, Pimental searched for the hash of the library on UrlScan. Thus, he found that it was present on another site, EuroTickets2020.com, also in the ticket reselling business.

He discovered that the same party operated both EuroTickets2020 and OlympicTickets2020. Afterwards, he revealed that MageCart was present on the OlympicTickets site since at least December 3, 2019. On EuroTickets it was active since at least January 7, 2020.

A problem hard to solve

Although the two researchers tried to contact the owner of the websites, they received no answer. After their second contact, the security team decided to close the case. 

Still, they  insisted on the issue and provided clear instructions. But the two websites continued to host the malicious script. However, they removed MageCart, eventually.

They both warn that shopping at Euro Cup and Olympics Ticket re-seller  between December 3, 2019, and January 21, 2020, likely resulted in compromising card data. So, the best thing to do is contacting the issuing bank and requesting a card replacement.

Million Insights warned at the end of the last year about the phishing an malware threats until 2025.

Laurentiu Titei

Recent Posts

Best Free Cache Cleaner Software for Windows 10 and 11 PC

Do you remember how fast your computer was when it was new? It could complete…

3 days ago

Best Methods to Duplicate Word Documents in 2025

Many users duplicate Word documents to secure a backup, avoid overwrites or accidental deletions in…

3 days ago

What Is Windows Update and How to Block it with Windows Update Blocker

Computer systems are unpredictable. No one can predict how they behave after an update. .…

4 days ago

Top Cloud Security Tools and Technologies

Storing information and data online on cloud services has become common for businesses and organizations.…

4 days ago

Best Free Registry Cleaner Software for Windows 10, 11 PC in 2025

We offer you a list of the best registry cleaner computer programs. They will enable…

4 days ago

Best Free PC Cleaner and Optimizer for Windows 10, 11 in 2025

In this comprehensive overview, we delve into the best free PC cleaner and optimizer tools…

4 days ago