Online ordering platforms for restaurants offer the convenience for customers to make online food orders as well as in-store touch screen menu choices and payments. This allows restaurants to outsource the burden of developing an ordering system. High end online ordering systems such as those used by Uber Eats and DoorDash dominate the market, there are also hundreds of smaller online ordering platforms that serve small, local restaurants.
These smaller scale platforms could service hundreds of restaurants as clients. Online ordering platforms have become a high-value target for cyber threat actors conducting Magecart e-skimmer attacks because compromising a single online ordering platform typically results in the exposure of online transactions performed at a significant portion of other restaurants that also use the platform.
Two active Magecart campaigns are targeting restaurants using MenuDrive, Harbortouch, and InTouchPOS online ordering services. At least 50,000 credit cards were compromised and listed for sale on the dark web, impacting over 300 small businesses.
Since November, a campaign has targeted InTouchPOS with a card skimmer that overlays a fake payment form onto the shopping cart’s checkout page.
MenuDrive and Harbortouch are targeted in a separate campaign that began in January. In these attacks, card skimming malware is implanted into both the restaurant’s website and its subdomain on the online payment service’s platform. On MenuDrive, threat actors use two different scripts to harvest credit card information and the cardholder’s name, email address, and phone number. A single script is used on Harbortouch to collect the same information.
Attacks against all three platforms are ongoing.