Emerging MakeFrame Skimmer from Magecart Sets Sights on SMBs

2020-04-02 13:10

Researchers have observed a new skimmer from the prolific Magecart Group that has been actively harvesting payment-card data from 19 different victim websites, mainly belonging to small- and medium-sized businesses, for several months.

"In some cases, we've seen MakeFrame using compromised sites for all three of its functions - hosting the skimming code itself, loading the skimmer on other compromised websites and exfiltrating the stolen data," Herman and Ihm wrote.

Magecart Group 7 typically uses victim sites for skimmer development, which was also observed when the group compromised OXO in 2017 and in activity by the group in 2018, researchers wrote.

Another aspect of MakeFrame that links the new skimmer back to Magecart Group 7 is its method of exfiltration of data once it's stolen, Herman and Ihm noted.

Magecart Group 7 is one of a number of threat actors operating under the Magecart umbrella, which includes several different groups who all use a similar attack vector.

News URL

https://threatpost.com/emerging-makeframe-skimmer-magecart-smbs/154374/

#magecart #skimmer #SMB #smbs

News URL

Related news