"Researchers Find 'Digital Crime Haven' While Investigating Magecart Activity"

Magecart is a continually growing network of gangs specializing in installing card skimmers on e-commerce websites in order to steal credit card information. Over the years, groups affiliated with the syndicate have carried out numerous and, at times, large thefts of credit card data from websites, including those of major companies such as TicketMaster and British Airways. Malwarebytes researchers recently noticed a threat actor installing a payment card skimmer based on the mr.SNIFFA framework on several e-commerce websites. This framework is a service that generates Magecart scripts that threat actors can dynamically deploy to steal credit and debit card information from online shoppers. The malware adopts different obfuscation techniques and tactics, such as steganography, to load payment card-stealing code onto target websites. Their analysis of the campaign's infrastructure led to the discovery of a vast network of additional operations, including cryptocurrency scams, forums for selling malicious services, and stolen credit card details, which all appeared to be tied to the same perpetrator. This article continues to discuss findings from the investigation of the infrastructure associated with a new, cryptocurrency-focused Magecart skimmer. 

Dark Reading reports "Researchers Find 'Digital Crime Haven' While Investigating Magecart Activity"