Smith & Wesson targeted in cyberattack, report says

In this case, they’re after your money, not your guns.

A cyberattack started during the peak of Black Friday shopping last week with the injection of malicious computer code into Smith & Wesson's online store, as reported by BleepingComputer.

In a typical case, the code, or JavaScript, tries to steal customer payment data by sending it to a remote site under the attacker's control, according to the cybersecurity news site.

HACKERS ARE DRAINING ATMs ACROSS THE US

A woman holds a 9-mm. handgun by the American manufacturer Smith & Wesson at the IWA OutdoorClassics trade show for hunting, shooting sports, equipment for outdoor activities and for civilian and official security applications in March 2018 in Nuremberg, Germany.

A woman holds a 9-mm. handgun by the American manufacturer Smith & Wesson at the IWA OutdoorClassics trade show for hunting, shooting sports, equipment for outdoor activities and for civilian and official security applications in March 2018 in Nuremberg, Germany. (Photo by Daniel Karmann/picture alliance via Getty Images)

The so-called “Magecart skimmer campaign" was first noticed by Sanguine Security when bad actors started registering malicious domain, or website, names purportedly associated with Sanguine.  The company offers an "anti-skimming" service, which is used to prevent this type of activity.

A Sanguine Security web page said that on Dec. 3 the malicious skimmer had been removed from the Smith & Wesson store.

These types of attacks typically gain entry by either breaking into a server or by targeting the business’ third-party vendors, who in turn unwittingly pass on the infection, according to TechRepublic.

FBI WARNS OF NEW CYBER THREAT TO US THAT INVOLVES 'WHOLE VARIETY' OF ACTORS FROM CHINA

The malicious JavaScript typically “listens” for personal information. For example, by monitoring the keypresses on a sensitive page, TechRepublic said.

The problem for consumers is that they will be oblivious to the attack, Craig Young, computer security researcher for Tripwire’s vulnerability and exposure research team (VERT), tells Fox News.

He offered some ways to make your purchases more secure and avoid attacks.

RUSSIAN HACKERS ON THE ATTACK BECAUSE OF POSSIBLE OLYMPIC BAN

One is a virtual payment card. These cards, which limit the amount of personally identifiable information (PII) you share, are sometimes referred to as a temporary card number or pseudo card number, as explained by Privacy, which offers these types of cards. They do not come with a physical card and the single-use numbers "self-destruct" after use.

Some traditional banks also offer these as an option. “Consumers would need to inquire with their financial institution about availability for this,” Young said.

Big Internet players also offer these kinds of services. “Google, PayPal and Amazon all offer secure payment processing services, which can be used in lieu of exposing actual card numbers,” Young added.

MASSIVE SEXTORTION ATTACK RUNNING WILD, SECURITY FIRM SAYS

The bottom line is if you have shopped with a regular credit card at a site that has been compromised you need to act.

“If you have recently shopped at the Smith & Wesson website and entered payment information, you need to contact your credit card company and monitor your statements for suspicious or fraudulent charges,” said BleepingComputer.

CLICK HERE TO GET THE FOX NEWS APP

Fox News has reached out to Smith & Wesson with a request for comment.