Digital attackers compromised the website of kitchen and household products manufacturer Tupperware with a credit card skimmer.
On March 20, researchers at Malwarebytes observed that attackers had compromised tupperware[.]com by hiding malicious code within an image file. This code activated when a user attempted to check out and complete their purchase on Tupperware’s online store. At that time, it displayed a fraudulent form as an iframe for the purpose of collecting a user’s credit card credentials.
A closer look at this incident revealed that the iframe had loaded from deskofhelp[.]com. Registered on March 9 by someone using the email address elbadtoy@yandex[.]ru, this domain was located on a server at 5.2.78[.]19 along with other phishing domains at the time of discovery.