Search results
  1. New article continuing the joint analysis with on the skimmer we found a few weeks ago. We've pivoted on the C2 domain and found some more compromised websites as well as other interesting files. Let us know what you think!

  2. 2 hours ago

    has become the "poster child" of third-party scripts attacks. Learn more about Magecart and how to protect against similar attacks on 's blog.

  3. Jan 2

    If you are a defender tracking online credit card skimmers, you need to watch out for these 2 tricks: steganography & WebSocket connections. A big thanks to for sharing intel with the community.

  4. Jan 10

    skimmer stealing from folks donating to Australia's bushfire effort. Skimmer is 'ATMZOW', exfiltration domain vamberlo[.]com was already known.

  5. Jan 29

    Adobe just fixed 3 critical vulnerabilities in . Will we see a spike in attacks? Update ASAP!

  6. Jan 23

    New article on a infection on an Olympic Ticket Reseller website. This is also a joint analysis with so make sure to check out his article as well!

  7. Jan 23

    Skimmers write actual spaghetti code... In an unexpected plot twist, card-stealing malware was disguised as Italian cuisine. 1/3

    Show this thread
  8. 18 Dec 2019

    Server-side PHP web skimmer in lib/Varien/Autoload.php that uses google-anaiytlcs[.]com/min.3.14.7.js exfil URL. It's not a JS. But they have a JS skimmer on this domain too: google-anaiytlcs[.]com/ga.js h/t Ben Martin

  9. According to , who also participated in the investigation with the Indonesian Police and Interpol, members of this group were using VPN services to hide their real location and also used stolen payment cards to buy new domains to protect their identities.

    Show this thread
  10. Alert German Magento users: the fake site is used to steal customer's payments. Created 3 days ago.

  11. Jan 6

    ⚠️ New Slack channel :: Magecart Intel Sharing ⚠️ If you're engaged in hunting or protecting against then come join. Split into with different TLP areas to enable effective intel sharing and allowing for collaborative working amount peers. 📬 DM me for an invite now.

  12. Jan 24

    Thanks to data from we were able to see a new digital skimmer/ loader that's starting to be utilized. It's unique enough that it merits some discussion, even if it's also not fully operational. Let's call it the Prototype loader, I guess.

    Show this thread
  13. 17 Dec 2019
  14. ⮜ Operation Night Fury ⮞ Interpol arrested 3 -style Indonesian hackers who compromised hundreds of International e-commerce websites and stole their users' payment card details by implanting JS-sniffers. —by

    Show this thread
  15. Jan 4

    I thought that attacks would be pretty easy to detect with web automation. If you run a web property that processes sensitive data, it might be of interest. Check it out here:

  16. Jan 2

    Fresh new credit card skimmer domain registered and planted on the website of . Replaces the legitimate google-analytics[.]com with its own fraudulent one: googlo-analytics[.]com. Skimmer IP: 5.188.9[.]61

  17. 29 Nov 2019

    Online credit card-skimming malware is a looming threat to nearly every retailer especially during the holiday season. We give you some tips on how to detect and defend against the Magecart attack.

  18. Jan 13

    -- reporting address hxxps://apis-analytics.com/testify apis-analytics[.]com just registered severals days ago

  19. Jan 3

    As noticed, ’s malicious JavaScript is hosted in googlead. Tech is still active in some online stores and was modified in the last two weeks. Magecart is using an technique with an infinite loop executing the debugger statement.

  20. Jan 14

    A attack has hit the check-out page of an online donation site for the .

Loading seems to be taking a while.

Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.