22 October 19, 17:39
Quote: Researchers have linked Magecart Group 5, the credit-card skimming cybercriminals behind the Ticketmaster breach, to Dridex phishing campaigns and the infamous Carbanak group.
Magecart – which is an umbrella group encompassing several different affiliates all using the same modus operandi – injects malicious JavaScript that steals the data that shoppers enter into online payment forms, typically on checkout pages. The skimmer malware exfiltrates name, address, credit-card number, expiry date and CVV back to the criminals every time someone makes a purchase on one of the compromised stores.
Magecart 5 specifically targets the supply chain used by e-commerce merchants; in the Ticketmaster attack for instance, it targeted a chat feature hosted by a third party. It’s a bang-for-the-buck strategy that potentially gives it access to hundreds or even thousands of websites downstream.
“This kind of supply-chain attack, where thousands of stores are loading altered code, has a much higher return than individually targeting stores,” explained researchers at Malwarebytes, in an analysis on Tuesday.
Read more here: https://threatpost.com/magecart-5-linked...ng/149419/