Uncovering a New Ongoing Magecart Campaign
Cybersecurity researchers have discovered a new web skimmer campaign that operates similarly to the infamous Magecart campaign. The campaign was created to collect personally identifiable information (PII) and credit card data from e-commerce websites.
The twist, however, is that this Magecart campaign goes further than the ones that came before it. The hijacked sites now double as “makeshift” command-and-control (C2) servers, allowing multiple cybercrime groups to conduct their operations simultaneously.
Making Use of Multiple Cybercrime Groups
The hackers behind this latest Magecart-style campaign have done something unprecedented. They’ve made it possible for multiple cybercrime groups to use their hijacked sites as C2 servers. The aim is to maintain their operations while avoiding detection by law enforcement agencies.
So far, the groups that have used this infrastructure for their operations aren’t necessarily related. However, the fact that they have managed to use the same server infrastructure without compromising each other’s operations is a worrying indication of the campaign’s effectiveness.
Stealing Personal and Financial Information
The end goal of the new web skimmer campaign is simple yet highly lucrative. The hackers’ primary target is e-commerce websites, which are particularly vulnerable to attacks as they process large amounts of personal and financial information.
By stealing this data, the hackers can carry out identity theft, create cloned cards, or sell the information on dark web marketplaces for a profit.
The Bottom Line
This Magecart-style web skimmer campaign is quite different from others that have been seen before. Its use of hijacked sites as makeshift C2 servers is novel, and its success in hosting multiple cybercrime groups is particularly concerning. Companies that run e-commerce websites must remain vigilant and take all necessary measures to protect their customers’ personal and financial information. The risks of not doing so are far too high.
Original Article: https://thehackernews.com/2023/06/magento-woocommerce-wordpress-and.html