Magecart Goes Server-Side in Latest Tactics Changeup
2021-05-17 21:46

Magecart Group 12, known for skimming payment information from online shoppers, was fingered for last September's gonzo attack on more than 2,000 e-Commerce sites, and now researchers have issued a report explaining how they did it, detailing a new technical approach.

The credit-card skimmer group is using PHP web shells to gain remote administrative access to the sites under attack to steal credit-card data, rather than using their previously favored JavaScript code, which they simply injected into vulnerable sites to log the information keyed into online checkout sites, according to Malwarebytes Labs' Threat Intelligence Team.

Magecart 12, the latest incarnation of the web skimmer group, continues to launch attacks with malware created to mimic a favicon, also known as a "Favorite icon" or "Shortcut icon."

Last month, researchers from Sucuri discovered that Magecart attackers were saving their stolen credit-card data in.

Back in December, Magecart attackers hijacked PayPal transactions during the holiday shopping season.

"The latest techniques observed in these recent Magecart attacks show how the groups themselves are staying innovative by using previous techniques with new coding and tactics," Sean Nikkel, senior cyber threat intel analyst at Digital Shadows, told Threatpost.


News URL

https://threatpost.com/magecart-server-side-itactics-changeup/166242/