Cyber Incident Victim: PEX Superstore
Date: Nov 2019
Location: United States of America
Summary
PEXSuperstore.com experienced simultaneous compromises by two distinct Magecart groups, resulting in the theft of customer payment card details and personally identifiable information during checkout. Both attackers injected malicious skimming scripts into the website's code but employed different techniques: one group disguised their script as Google Analytics to load an obfuscated skimmer from a remote domain, while the other directly modified the site's checkout script to exfiltrate data to a separate attacker-controlled server. The incident exemplifies uncoordinated, opportunistic attacks by independent cybercrime groups leveraging similar Magento platform vulnerabilities, with both skimmers operating concurrently without apparent awareness of each other's presence on the compromised e-commerce platform.
Description
On or around November 4, 2019, cybersecurity researchers at PerimeterX discovered that PEXSuperstore.com, a tubing-and-valve e-commerce specialist, had been compromised by two distinct Magecart threat groups simultaneously. The attackers injected separate credit card skimming scripts into the Magento-based checkout pages to steal payment card details and personally identifiable information (PII) from customers. The first skimmer used the domain mogento[dot]info to host malicious code disguised as a Google Analytics script, which loaded an obfuscated payload from attacker-controlled servers. The second skimmer modified the website's native checkout script directly, injecting code that exfiltrated stolen data to https://assetstorage[dot]net/PEXSuperstore.com. Researchers confirmed both attacks targeted the same checkout pages but employed fundamentally different technical approaches—varying in code structure, obfuscation complexity, and data exfiltration mechanisms.

PerimeterX identified the dual compromise while investigating a separate Magecart attack on clothing retailer Sixth June, which shared the mogento[dot]info skimmer host. Analysis revealed the assetstorage[dot]net skimmer was part of a broader campaign affecting other retailers including sportswear company UmbroBrasil. Both attackers leveraged first-party code execution, bypassing web server security controls to modify legitimate site scripts. The incident demonstrated Magecart's operational model where unaffiliated groups independently exploit vulnerable e-commerce platforms, often using commercially available skimming kits from dark web markets. No coordinated response actions by PEXSuperstore were documented in available sources, though researchers confirmed the skimmers actively captured customer data during checkout processes. This incident occurred amid a surge in overlapping Magecart operations targeting over 80 global e-commerce sites throughout 2019.
