UltraRank hackers compromised 100s of websites via JS-Sniffer attacks

By Zara Khan
The cybercriminal group dubbed as “UltraRank’ previous shenanigans were linked to Magecart Groups 2, 5, and 12.
This is a post from HackRead.com Read the original post: UltraRank hackers compromised 100s of websites via JS-Sniffer attacks
Continue reading UltraRank hackers compromised 100s of websites via JS-Sniffer attacks

Magecart Hackers Inject iFrame Skimmers in 19 Sites to Steal Payment Data

Cybersecurity researchers today uncovered an ongoing new Magecart skimmer campaign that so far has successfully compromised at least 19 different e-commerce websites to steal payment card details of their customers.

According to a report published tod… Continue reading Magecart Hackers Inject iFrame Skimmers in 19 Sites to Steal Payment Data

Indonesian police arrest 3 men for alleged Magecart-style attacks

Police in Indonesia have arrested three men accused of inserting malicious code into e-commerce websites to steal shoppers’ payment data, an emerging hacking technique that scammers have used to pilfer victims’ information while avoiding detection. Interpol announced Monday it coordinated a law enforcement operation that identified hundreds of websites that had been infected with malicious software used to collect customers’ financial data and personal details. Three men, identified only by their initials, were arrested on Dec. 20 in Jakarta and Yogyakarta, for allegedly using the stolen data to purchase electronics and other luxury items, then reselling that merchandise for a profit. By relying a malicious tool that attacked the JavaScript programming language, this group used a technique known as a Magecart-style attack to carry out the digital equivalent of a smash-and-grab robbery. At least a dozen so-called Magecart groups use similar techniques to steal data from victims that have included […]

The post Indonesian police arrest 3 men for alleged Magecart-style attacks appeared first on CyberScoop.

Continue reading Indonesian police arrest 3 men for alleged Magecart-style attacks

Magecart’s ‘shotgun approach’ to payment card theft is wreaking havoc on e-commerce sites

It’s a good time to be in the credit card-stealing business. Hacking associations like Magecart — a loose collection of at least 12 groups that specialize in skimming payment data from digital checkout pages — are carrying out more efficient attacks to walk off with online shoppers’ data. By injecting malicious code into vulnerable e-commerce systems in anywhere from the payment system Magento to advertisements and analytics pages, thieves are able to exfiltrate payment information without detection. Before scammers hit Amazon’s CloudFront content delivery network last week and Forbes magazine in May, Magecart was best known for shaking down popular sites like Ticketmaster and British Airways. Each group relies on different techniques, ranging from exploiting server vulnerabilities to using unique skimming code and, in the case of Group 5, which was blamed for the Ticketmaster breach, hacking third party suppliers. “It’s like a shotgun approach to mass compromise,” said Yonathan […]

The post Magecart’s ‘shotgun approach’ to payment card theft is wreaking havoc on e-commerce sites appeared first on CyberScoop.

Continue reading Magecart’s ‘shotgun approach’ to payment card theft is wreaking havoc on e-commerce sites

Magecart is the most infamous payment skimmer. But it’s hardly the only one.

There’s been a steady stream of news about malware designed to skim customer payment data during e-commerce transactions, but research by security vendor Group-IB suggests that the problem is broader than the public might realize. JavaScript-sniffers — JS-sniffers for short — were lurking on 2,440 hacked websites that receive roughly 1.5 million unique daily visitors, according to research published Wednesday by the Moscow-based company. The malicious software essentially produces the same results as a credit card skimmer: Cybercriminals inject a few lines of code onto target websites, then sweep up account numbers, names, addresses and other information that’s valuable on dark web markets. And it’s not just Magecart, the best known group of JS-sniffers, Group-IB says. Twelve Magecart groups have been in operation, but Group-IB says its researchers discovered a total of 38 JS-sniffer groups — at least eight of which have not previously been investigated in detail. One JS-sniffer campaign, known as TokenLogin, was detected on sites that […]

The post Magecart is the most infamous payment skimmer. But it’s hardly the only one. appeared first on CyberScoop.

Continue reading Magecart is the most infamous payment skimmer. But it’s hardly the only one.

In-Depth Analysis of JS Sniffers Uncovers New Families of Credit Card-Skimming Code

In a world that’s growing increasingly digital, Magecart attacks have emerged as a key cybersecurity threat to e-commerce sites.

Magecart, which is in the news a lot lately, is an umbrella term given to 12 different cyber criminal groups that are spec… Continue reading In-Depth Analysis of JS Sniffers Uncovers New Families of Credit Card-Skimming Code