A new variant of a skimmer has revealed the increasingly muddy waters associated with tracking groups involved in Magecart-style attacks.
On Wednesday, researchers from RiskIQ described how a new Grelos skimmer has shown there is “increased overlaps” in Magecart infrastructure and groups, with this malware — alongside other forms of skimmer — now being hosted on domain infrastructure used by multiple groups, or connected via WHOIS records, known phishing campaigns, and the deployment of other malware, creating crossovers that can be difficult to separate.
See also: Magecart group uses homoglyph attacks to fool you into visiting malicious websites
Magecart is an umbrella term used to describe information stealing campaigns and threat actors that specialize in the theft of payment card data from e-commerce websites.
Several years ago, well-known brands including British Airways and Ticketmaster became the first major victims of this form of attack, and since then, countless websites have