Magecart Campaign Offers Customizable Payload

[silversurfer]

Magecart has launched a new campaign offering a highly customizable payload along with JavaScript loaders and software bundles that can ensure the malicious payload isn't being executed in a debugger or sandbox, according to Fortinet researchers.
 
“This skimmer is called Inter. It is highly customizable, so it can be easily configured to fit the buyer’s needs and is reportedly being sold in underground forums for $1,300 per license. We started seeing attacks from this campaign on April 19,” the researchers wrote. 
 
“E-commerce websites use different platforms for handling payments. For instance, some websites handle the payments internally while others use external payment service providers (PSPs). Depending on which platform the compromised website uses, the campaign uses either a web skimmer or a fake payment form,” the report said.
 
The campaign reportedly injects a fake card payment form on a targeted web page and skims a victim's entered card information, whether or not the page is a checkout form, enabling the skimmer to be brought into the customer experience earlier, avoiding possible security software intended to catch it on the checkout page. Another feature allows Inter to avoid detection by hiding the stolen information in plain site, according to the report.

SOURCE: https://www.infosecurity-magazine.com/ne...gn-offers/