Threat Management, Critical Infrastructure Security, Malware

More stealthy Magecart attacks reported

Despite the seemingly reduced prevalence of Magecart attacks, a new, more covert campaign was observed by Malwarebytes to continue being connected to a "pretty wide infrastructure," reports ZDNet. Malwarebytes researchers discovered that the novel Magecart skimmer domain identified by Sansec, as well as a suspected host determined by another security researcher, were tied to a more widespread campaign, which was related to another campaign last year that involved a skimmer with virtual machine detection capabilities. However, the skimmer was found to have the VM code removed. "If the Magecart threat actors decided to switch their operations exclusively server-side then the majority of companies, including ours, would lose visibility overnight. This is why we often look up to researchers that work the website cleanups. If something happens, these guys would likely notice it. For now, we can say that Magecart client-side attacks are still around and that we could easily be missing them if we rely on automated crawlers and sandboxes, at least if we don't make them more robust," said Malwarebytes researcher Jrme Segura.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.