Sanguine Security Labs

@eComscan

eCommerce fraud protection - helping merchants to prevent incidents - researching form jackers, payment skimmers, miners and Magecart.

Amsterdam
Joined February 2019

Tweets

  1. Retweeted

    Joint press conference by Indonesian National Police & on Operation Night Fury led by INTERPOL’s Desk, sharing the successful arrest of 3 suspects involved in JS-sniffer campaign compromising e-commerce websites to steal credit card or online payment information

  2. Jan 25

    More information & writeup at Sanguine Labs:

  3. Jan 25

    While the arrest is a big step to combat the surge of web skimming, this group has only been responsible for less than 1% of online skimming activity since 2018. We estimate that 40 to 50 (more sophisticated) individuals are yet involved in this type of fraud.

  4. Jan 25

    The Indonesian arrests were part of Interpol "Operation Night Fury" to combat web skimming. Cyberteams from the US and EU contributed to the case.

  5. Jan 25

    We were contacted previously by a likely member of the group, claiming to have more information about the recent impersonations of Sanguine Security. "I am just blackhat who spread malware"

  6. Jan 25

    While the arrests already took place on December 20th, Sanguine has observed activity on the same skimming infrastructure afterwards, even up to January 15th. Indonesian police admits that more suspects are still at large but did not disclose further details.

  7. Jan 25

    Police reports 12 cases, but Sanguine identified 571 hacks with this group's modus operandi since 2017. They could be identified because of an odd debug message "Success gan!" (success bro) upon successful payment interception.

  8. Jan 25

    One suspect admitted on live television that he had injected payment skimmers on foreign stores since 2017. He claimed to have earned enough money "to buy a jacket".

  9. Jan 25

    Indonesian police arrests 3 Magecart hackers who ran skimming operation since 2017. They recently registered "magecart[.]net" for payment interception.

  10. Retweeted
    Jan 24

    Thanks to data from we were able to see a new digital skimmer/loader that's starting to be utilized. It's unique enough that it merits some discussion, even if it's also not fully operational. Let's call it the Prototype loader, I guess.

  11. Jan 23
  12. Jan 23

    Despite its glaring presence, the skimmer has been injected in numerous sites since Dec 12th and most are still active. We have reached out to all affected merchants.

  13. Jan 23

    Normally criminals go out of their way to hide their work, but this pasta fan didn't seem to care. Also, the card collection server is pizdasniff[.]site, which is proper Russian for "pussyskimmer". 2/3

  14. Jan 23

    Skimmers write actual spaghetti code... In an unexpected plot twist, card-stealing malware was disguised as Italian cuisine. 1/3

  15. Jan 23

    In this example, the parmezan and spaghetti objects are used to test whether a victim has finished entering their credit card number, so that it can be transmitted to a malicious server.

  16. Jan 16

    There's a recent increase in stores that get hacked via staff spear phishing/malware. Always run anti-virus software on your workstations and instruct staff to be aware of phishing.

  17. Jan 15

    New eComscan release 0.10.8, better support for Magento ISPs with options to follow external symlinks and filesystems.

  18. Dec 30, 2019

    Russian IPs using a fake "" record are mass scanning for several commerce vulnerabilities over x-mas. See others? Please report, thanks! 77.246.157[.]20 82.202.167[.]108

  19. Retweeted
    Dec 20, 2019

    Thanks to some data from I was able to likely tie this new technique to Group 9. Two new domains were found: zoopim[.]online and chatstat[.]online. One of those ties directly to some domains that popped up about a year ago. 1/4

  20. Dec 12, 2019

    Whole office is munching Christmas chocolates already. Awesome gift from our Magento hosting partner .
