Security News > 2020 > April > Magecart Hackers Continue Improving Skimmers
A Magecart threat actor tracked as "Group 7" has been using a skimmer that creates iframes to steal payment card data, RiskIQ reveals.
In some cases, the compromised websites were abused to host the skimming code, load the code on compromised websites, and exfiltrate stolen data.
Analysis of the malicious code revealed objects that directly refer to the creation of iframes for skimming payment data.
"This method of exfiltration is the same as that used by Magecart Group 7, sending stolen data as.php files to other compromised sites for exfiltration. Each compromised site used for data exfil has also been injected with a skimmer and has been used to host skimming code loaded on other victim sites as well," the researchers explain.
Similarities in technique and code construction led RiskIQ to the conclusion that Magecart Group 7 is behind the new skimmer.