-
New article continuing the joint analysis with @LibraAnalysis on the #Magecart skimmer we found a few weeks ago. We've pivoted on the C2 domain and found some more compromised websites as well as other interesting files. Let us know what you think! https://www.goggleheadedhacker.com/blog/post/15
-
#Magecart has become the "poster child" of third-party scripts attacks. Learn more about Magecart and how to protect against similar attacks on @Akamai's blog. #cybersecurity http://bit.ly/2RTlW28 pic.twitter.com/SGNaPEWXB6
-
If you are a defender tracking online credit card skimmers, you need to watch out for these 2 tricks: steganography & WebSocket connections. A big thanks to @AffableKraut for sharing intel with the community. https://blog.malwarebytes.com/threat-analysis/2019/12/new-evasion-techniques-found-in-web-skimmers/ … #Magecart #skimming pic.twitter.com/abDSDmGinf
-
#Magecart skimmer stealing from folks donating to Australia's bushfire effort. Skimmer is 'ATMZOW', exfiltration domain vamberlo[.]com was already known. pic.twitter.com/1qwPqSPEQm
-
Adobe just fixed 3 critical vulnerabilities in #Magento. Will we see a spike in #magecart attacks? Update ASAP! pic.twitter.com/tDUHZ36POj
-
New article on a #magecart infection on an Olympic Ticket Reseller website. This is also a joint analysis with @LibraAnalysis so make sure to check out his article as well! https://www.goggleheadedhacker.com/blog/post/14
-
Skimmers write actual spaghetti code... In an unexpected plot twist, card-stealing malware was disguised as Italian cuisine. #magecart #webskimmer 1/3 pic.twitter.com/TiQdxh97at
-
Server-side PHP web skimmer in lib/Varien/Autoload.php https://pastebin.com/raw/Nz0QCFf3 that uses google-anaiytlcs[.]com/min.3.14.7.js exfil URL. It's not a JS. But they have a JS skimmer on this domain too: google-anaiytlcs[.]com/ga.js
#magecart h/t Ben Martin pic.twitter.com/o3NOd2GAa0
-
According to @GroupIB, who also participated in the #Magecart investigation with the Indonesian Police and Interpol, members of this group were using VPN services to hide their real location and also used stolen payment cards to buy new domains to protect their identities. pic.twitter.com/3rFv9G8Xqa
-
Alert German Magento users: the fake site http://developer.magentohub.de is used to steal customer's payments. Created 3 days ago.
#Magecart
-
New Slack channel :: Magecart Intel Sharing
If you're engaged in hunting or protecting against #Magecart then come join. Split into different TLP areas to enable effective intel sharing and allowing for collaborative working among peers.
DM me for an invite now. pic.twitter.com/JgjH7szx6S
-
Thanks to data from @ecomscan we were able to see a new digital skimmer/#magecart loader that's starting to be utilized. It's unique enough that it merits some discussion, even if it's also not fully operational. Let's call it the Prototype loader, I guess. pic.twitter.com/xkXXdNQ1SC
-
#magecart hXXp://googlead.tech/api=v1.0.2.js https://urlscan.io/responses/a2a2671ea3fd379a24596dc760bb310cb3ad1094269d3df9644d3e43ed63f97a/ … Decoded JS http://ddecode.com/hexdecoder/?results=d6dafa1b9c6cc191fd7a0bbb6772b110 … POSTs card data to hXXps://googlead.tech/p.php?id={encoded data} cc @AffableKraut @jeromesegura pic.twitter.com/EKLmJEBayo
-
⮜ Operation Night Fury ⮞ Interpol arrested 3 #Magecart-style Indonesian hackers who compromised hundreds of International e-commerce websites and stole their users' payment card details by implanting JS-sniffers. https://thehackernews.com/2020/01/indonesian-magecart-hackers.html … —by @unix_root #cybersecurity pic.twitter.com/keQJlkjqFf
-
I thought that #Magecart attacks would be pretty easy to detect with web automation. If you run a web property that processes sensitive data, it might be of interest. Check it out here: https://articles.hotelexistence.ca/posts/browserautomationtodetectwebskimming/ …
-
Fresh new credit card skimmer domain registered and planted on the website of @Ameristep. Replaces the legitimate google-analytics[.]com with its own fraudulent one: googlo-analytics[.]com. Skimmer IP: 5.188.9[.]61 #Magecart #webskimming pic.twitter.com/fcOKwazWTN
-
Online credit card-skimming malware #Magecart is a looming threat to nearly every retailer especially during the holiday season. We give you some tips on how to detect and defend against the Magecart attack. https://r-7.co/2Tv2Fma
-
#cybersecurity #Magecart #ThreatHunting -- reporting address hxxps://apis-analytics.com/testify #baddomain apis-analytics[.]com just registered several days ago pic.twitter.com/jcQ7bkONoA
-
As @killamjr noticed, #magecart’s malicious JavaScript hosted in googlead.tech is still active in some online stores and was modified in the last two weeks. Magecart is using an #AntiAnalysis technique with an infinite loop executing the debugger statement. pic.twitter.com/9wI3lMNMV6
-
A #Magecart attack has hit the check-out page of an online donation site for the #AustraliaFires. https://threatpost.com/card-skimmer-australian-bushfire-donation-site/151841/ …