Malwarebytes found that, since early July, thousands of sites had been targeted in the campaign.
Conducted by the European Union Agency for Network and Information Security, the simulation launched 2,000 attacks on the networks of various critical infrastructure organizations.
In readying a libel suit against DoubleVerify, FilmOn says it discovered that the firm deliberately distributed malware.
Sen. Charles Schumer of New York has called on federal law enforcement officials to stop "copy cat websites."
The guidance, developed by a PCI Special Interest Group, will help merchants educate staff on protecting cardholder data.