14 matches found
Magecart Hackers Hide Stolen Credit Card Data Into Images for Evasive Exfiltration
Cybercrime actors part of the Magecart group have latched on to a new technique of obfuscating the malware code within comment blocks and encoding stolen credit card data into images and other files hosted on the server, once again demonstrating how the attackers are continuously...
Newly observed PHP-based skimmer shows ongoing Magecart Group 12 activity
This blog post was authored by Jérôme Segura. Web skimming continues to be a real and impactful threat to online merchants and shoppers. The threat actors in this space greatly range in sophistication from amateurs all the way to nation state groups like Lazarus. In terms of security, many...
Evasive Credit Card Skimmers Using Homograph Domains and Infected Favicon
Cybersecurity researchers today highlighted an evasive phishing technique that attackers are exploiting in the wild to target visitors of several sites with a quirk in domain names, and leverage modified favicons to inject e-skimmers and steal payment card information covertly. "The idea is simpl...
Inter skimming kit used in homoglyph attacks
As we continue to track web threats and credit card skimming in particular, we often rediscover techniques we've encountered elsewhere before. In this post, we share a recent find that involves what is known as a homoglyph attack. This technique has been exploited for some time already, especiall...
Emerging MakeFrame Skimmer from Magecart Sets Sights on SMBs
Researchers have observed a new skimmer from the prolific Magecart Group that has been actively harvesting payment-card data from 19 different victim websites, mainly belonging to small- and medium-sized businesses (SMBs), for several months. RiskIQ researchers first discovered the skimmer, dubbed...
Magecart 5 Linked to Carbanak Gang
Researchers have linked Magecart Group 5, the credit-card skimming cybercriminals behind the Ticketmaster breach, to Dridex phishing campaigns and the infamous Carbanak group. Magecart – which is an umbrella group encompassing several different affiliates all using the same modus operandi – injec...
The forgotten domain: Exploring a link between Magecart Group 5 and the Carbanak APT
This blog post was authored by Jérôme Segura, William Tsing, and Adam Thomas. In a previous post, we described the possible overlap between certain domains registered by Magecart Group 4 and the Cobalt gang. While attribution is always a difficult endeavor, sharing TTPs can help others to connect...
Magecart Group Targets Routers Behind Public Wi-Fi Networks
A faction of the Magecart threat group is testing code that targets routers used to provide free or paid Wi-Fi services in public spaces and hotels. If successful, attackers would be able to compromise these commercial-grade routers and siphon payment data of users joining Wi-Fi networks ...
Skimmer acts as payment service provider via rogue iframe
Criminals continue to target online stores to steal payment details from unaware customers at a rapid pace. There are many different ways to go about it, from hacking the shopping site itself, to compromising its supply-chain. A number of online merchants externalize the payment process to a...
Hackers infect e-commerce sites by compromising their advertising partner
Magecart strikes again: one of the most notorious hacking groups, it specializes in stealing credit card details from poorly-secured e-commerce websites. According to security researchers from RiskIQ and Trend Micro, cybercriminals of a new subgroup of Magecart, labeled as "Magecart Group 12," recent...
2018: A Banner Year for Breaches
Where to start? In 2018 the mantra became “another day, another data breach.” As a result, consumers and researchers alike are feeling “breach fatigue” and getting a bit numb to the headline. But the reality is, cybercriminals are going after personal information, credit card info and passwords...
Web skimmers compete in Umbro Brasil hack
Umbro, the popular sportswear brand, has had its Umbro Brasil website hacked and injected with not one but two web skimmers that are part of the Magecart group. Magecart has become a household name in recent months due to high profile attacks on various merchant websites. Criminals can seamlessly steal...
Hackers Steal Customers' Credit Cards From Newegg Electronics Retailer
The notorious hacking group behind the Ticketmaster and British Airways data breaches has now victimized popular computer hardware and consumer electronics retailer Newegg. The Magecart hacking group managed to infiltrate the Newegg website and steal the credit card details of all customers who enter...
MagentoCore Card Skimmer Found on Mass Numbers of E-Commerce Sites
UPDATED: A whopping 7,339 and counting individual e-commerce sites have been infested with the MagentoCore.net payment-card skimmer in the last six months, making the malicious script one of the most successful credit-card threats out there. The infections are part of a single effort, all tied bac...