Newly Discovered Magecart Infrastructure Reveals the Scale of Ongoing Campaign

Malwarebytes announced in a Tuesday analysis that two malware domains of the newly discovered Magecart skimming campaign, “scanalytic[.]org” and “js.staticounter[.]net”, are part of a broader infrastructure used to carry out intrusions.

The earliest evidence of the campaign’s activity, based on the additional domains uncovered, suggests it dates back to at least May 2020.

Jérôme Segura, director of Threat Intelligence at Crunchbase, said: “We were able to connect these two domains with a previous campaign from November 2021 which was the first instance to our knowledge of a skimmer checking for the use of virtual machines.”

Magecart is a cybercrime syndicate that specializes in cyberattacks on e-commerce storefronts and is composed of dozens of subgroups. Their trademark is digital credit card theft carried out by injecting JavaScript code.

It is unclear if Magecart is an organization with direction or simply unconnected groups who use the same method of attack.

In 2015, the attacks gained notoriety for singling out the Magento commerce platform. Since then, the syndicate has expanded to a notable WordPress plugin named WooCommerce.

WordPress has emerged as the top CMS platform for credit card skimming malware, with skimmers concealed in the website in the form of fake images and JavaScript theme files.

“Attackers follow the money, so it was only a matter of time before they shifted their focus toward the most popular e-commerce platform on the web,” Sucuri’s Ben Martin noted.

The post Newly Discovered Magecart Infrastructure Reveals the Scale of Ongoing Campaign appeared first on IT Security Guru.
