The AchieVer Posted May 9, 2019 Share Posted May 9, 2019 Researchers expose mass credit card stealing campaign Over 100 websites including top Alexa domains are infected. A new credit card skimming scheme which involves over 100 websites is actively stealing the financial details of customers, researchers have warned. According to Netlab 360, credit card information including names, card numbers, expiration dates, and security codes (CVV) have been stolen over the course of five months. A suspicious domain, magento-analytics[.]com, was flagged by the company back in October 2018. Since then, Netlab 360 has been tracking the domain, of which traffic rates were originally rather low. The domain, which is not associated with legitimate Magento services or websites, returns a 404 error if you attempt to access it directly from a browser. However, it was not long before the researchers realized something nefarious was going on. Magento-analytics[.]com is registered in Panama, but recently shifted to the US, Russia, and then finally China. This prompted the team to check out what the domain's purpose was, and they found a range of JS scripts used to skim financial data. The scripts themselves are similar and appear to be simple, containing little more than a timer, TrySend functions to fetch credit card information, and a SendData call for reporting the data to the operator's command-and-control (C2) server. Netlab 360 Netlab 360 tracked these scripts and discovered that 105 domains have been injected with these malicious scripts, including six among the Alexa Top one million websites. Victims appear to be e-commerce and retail websites including those which sell goods such as designer bags, bicycles, baby products, electronics, and wine. The campaign is reminiscent of Magecart, a well-known cybercriminal group which has been connected to credit card skimming attacks against high-profile targets including British Airways, TicketMaster, and OXO International. Last week, Trend Micro said the hacking group had managed to implant credit card stealing malware in 201 online stores linked to 176 colleges and universities in the US, as well as 21 academic institutions in Canada. Source Link to comment Share on other sites More sharing options...
A new credit card skimming scheme which involves over 100 websites is actively stealing the financial details of customers, researchers have warned. According to Netlab 360, credit card information including names, card numbers, expiration dates, and security codes (CVV) have been stolen over the course of five months. A suspicious domain, magento-analytics[.]com, was flagged by the company back in October 2018. Since then, Netlab 360 has been tracking the domain, of which traffic rates were originally rather low. The domain, which is not associated with legitimate Magento services or websites, returns a 404 error if you attempt to access it directly from a browser. However, it was not long before the researchers realized something nefarious was going on. Magento-analytics[.]com is registered in Panama, but recently shifted to the US, Russia, and then finally China. This prompted the team to check out what the domain's purpose was, and they found a range of JS scripts used to skim financial data. The scripts themselves are similar and appear to be simple, containing little more than a timer, TrySend functions to fetch credit card information, and a SendData call for reporting the data to the operator's command-and-control (C2) server. Netlab 360 Netlab 360 tracked these scripts and discovered that 105 domains have been injected with these malicious scripts, including six among the Alexa Top one million websites. Victims appear to be e-commerce and retail websites including those which sell goods such as designer bags, bicycles, baby products, electronics, and wine. The campaign is reminiscent of Magecart, a well-known cybercriminal group which has been connected to credit card skimming attacks against high-profile targets including British Airways, TicketMaster, and OXO International. Last week, Trend Micro said the hacking group had managed to implant credit card stealing malware in 201 online stores linked to 176 colleges and universities in the US, as well as 21 academic institutions in Canada. Source
Recommended Posts
Archived
This topic is now archived and is closed to further replies.