Web skimmer steals map data already stolen by other criminals - News Press

Privacy Is a Myth

Web skimmer steals map data already stolen by other criminals

Share This

 

Malwarebytes specialists  have discovered an interesting MageCart script (web skimmer) that not only infects online stores and steals bank card details of their visitors, but also parasitizes other hackers' malware.

Let me remind you that initially the name MageCart was assigned to one hack group, which was the first to introduce web skimmers (malicious JavaScript) on the pages of online stores to steal bank card data. But this approach turned out to be so successful that the group soon had numerous imitators, and the name MageCart became a household name, and now they denote a whole class of such attacks.

Researchers discovered the new skimmer while investigating a wave of hacks in online stores running the outdated Magento 1. Although the presence of malware on such sites is not surprising, the malware infecting them turned out to be interesting.

Costway was one of the victims of these attacks, which used Magento 1 for its online stores in France, the UK, Germany and Spain.

That is, the first hack group hacked the company's websites and introduced them with fake payment forms that steal financial data of buyers. The second hack group additionally uploaded their own custom web skimmers to these sites from the securityxx [.] Top domain. So, one script collects data from an already existing skimmer of the first group, and the second is activated only if the store has been cleared of malware introduced during the initial Magento 1 hack.

Thus, two hacker groups injected three different MageCart scripts on the sites of the hacked stores. The researchers note that such situations are not uncommon, and MageCart groups often compete with each other, destroying or trying to use the malware of their “colleagues in the shop”.

No comments:

Post a Comment

Pages