X-Industry

The ongoing Magecart campaign has attracted the attention of cybersecurity researchers for leveraging realistic-looking fake payment screens to capture sensitive data entered by unsuspecting users.  The cyber threat actor used original logos from the compromised store and customized a web element known as a modal to hijack the checkout page perfectly.  Interestingly, the “skimmer” page looks more authentic than the original payment page.  It must be the improved graphics.[1]

The term Magecart is

Activity Summary - Week Ending on 25 February 2022:

• Red Sky Alliance identified 9,248 connections from new IP’s checking in with our Sinkholes
• com[.]tr Hit 336 times last week.
• Analysts identified 9,095 new IP addresses participating in various Botnets
• DriveGuard
• Magecart
• Cloud Security
• Impacket & APT10
• CyberWar
• Stealing Discord Tokens
• Cyclops Blink
• Russian Cyber-Attacks; Ukraine Attack

Link to full report: IR-22-056-001_weekly056.pdf

According to cyber threat investigators, several Magecart groups hide their JavaScript skimmers, phishing domains and other malicious tools behind a secure hosting service called Media Land, according to a report from security firm RiskIQ. During their investigation, the researchers found that thousands of domains used for JavaScript skimmers, phishing domains and other malicious infrastructure have been registered with Media Land since 2018 using at least two email addresses and other aliases.

Activity Summary - Week Ending 21 August 2020:

• Red Sky Alliance observed 15 unique email accounts compromised with Keyloggers
• Videoholka still is Keylogged
• Analysts identified 47, 658 connections from new unique IP addresses
• 3,294 new IP addresses participating in various Botnets
• Drovorub Malware Exposed
• FritzFrog P2P botnet struck at least 500 government and enterprise SSH servers
• COVID-19 Variants
• Magecart Group 8
• Oil Prices stuck in the $40-$45 Range
• Petrobas and Microsoft working together f