Magecart Skimmer Poses as Payment Service Provider

[silversurfer]

The skimmer used in a recently discovered Magecart attack on a Magento-based e-commerce website was posing as a payment service provider via a rogue iframe, Malwarebytes reports.
 
The Magecart hackers made a name for themselves last year, after a series of high-profile attacks, such as those on Ticketmaster, British Airways, or Newegg. 
The hackers changed tactics following detailed reports on the activity of multiple groups, but the attacks continued, with the most recent of them hitting campus e-commerce sitesand Picreel and Alpaca Forms.
 
One of the techniques used by the Magecart attackers to steal payment card data is to place their web skimmers onto check-out pages. The same method was used in the attack Malwarebytes observed, but with a twist. 
 
The attackers added a bogus iframe onto a retailer’s payment page to ask users to enter their credit card data although the page did not include such a form but instead redirected customers to a payment service provider (PSP).

SOURCE: https://www.securityweek.com/magecart-sk...e-provider