Fresh Magecart Skimmer Attack Infrastructure Flagged by Analysts

Although observed Magecart shimmer attacks have been less frequently reported in recent months, analysts have discovered new infrastructure that they were able to track to malicious domains behind an ongoing campaign.

The Malwarebytes Labs team linked the skimmers to activity dating back to May 2020.

The attackers hid the skimmer behind three JavaScript library themes, the report said:

  • hal-data[.]org / gre / code.js (Angular JS)
  • hal-data[.]org / data / (logger)
  • js.g-livestatic[.]com / theme / main.js (Modernizr)

The team added that a recent drop in Magecart activity may be due to many threat players being able to swing from stealing credit card numbers to more profitable targets.

“Crypto wallets and similar digital assets are extremely valuable and there is no doubt that smart schemes to rob them are in place beyond phishing for them,” the team wrote.

But worryingly, Magecart’s disappearance from the radar may also be due to the fact that the attacks have moved to the server side and have become harder to detect with simple scanners, analysts said.

“Maybe we’re been too focused on Magento CMS, or our crawlers and sandboxes are being detected due to various controls, including at the network level,” the team said of declining records of Magecart shimmer attacks.

Stay up to date with the latest cyber security threats, newly discovered vulnerabilities, information about data breaches and new trends. Delivered daily or weekly straight to your inbox.

Subscribe

William

Leave a Reply

Your email address will not be published.