Magecart Attack

2020-10-06 17:39

The approach is reminiscent of core Magecart group attacks, but in this case, the attack was the work of the Fullz House group, according to Malwarebytes, which is a Magecart splinter group that's mainly known for its phishing prowess.

The group has been analyzed in the past, and gets its name from the use of carding sites to resell "Fullz," an underground slang term meaning a full set of an individual's personally identifying information plus financial data.

Magecart is an umbrella term encompassing several different threat groups who all use the same modus operandi: They compromise websites in order to inject card-skimming scripts on checkout pages, stealing unsuspecting customers' payment card details and other information entered into the fields on the page.

According to a previous analysis from RiskIQ, Fullz House is known for innovating when it comes to the Magecart blueprint by adding phishing to the mix.

Register today for this FREE Threatpost webinar, "Retail Security: Magecart and the Rise of e-Commerce Threats." Magecart and other threat actors are riding the rising wave of online retail usage and racking up big numbers of consumer victims.

News URL

https://threatpost.com/boom-mobile-customer-data-fullz-house-magecart/159887/

#attack #magecart #mobile