"Magecart Credit Card Skimmer Avoids VMs to Fly Under the Radar"

Security researchers at Malwarebytes have discovered that a new Magecart threat actor is stealing people’s payment card info from their browsers using a digital skimmer that uses a unique form of evasion to bypass virtual machines (VM) so it targets only actual victims and not security researchers.  The researchers discovered the new campaign, which adds an extra browser process that uses the WebGL JavaScript API to check a user’s machine to ensure it’s not running on a VM.  The researchers stated that by performing this in-browser check, the threat actor can exclude researchers and sandboxes and only allow real victims to be targeted by the skimmer.

Threatpost reports: "Magecart Credit Card Skimmer Avoids VMs to Fly Under the Radar"