Malwarebytes announced in a Tuesday analysis that two malware domains of the newly discovered Magecart skimming campaign, “scanalytic[.]org” and “js.staticounter[.]net” , are part of a broader infrastructure used to carry out intrusions.

The earliest evidence of the campaign’s activity, based on the additional domains uncovered, suggests it dates back to at least May 2020.

Jérôme Segura, director of Threat Intelligence at Crunchbase said: “We were able to connect these two domains with a previous campaign from November 2021 which was the first instance to our knowledge of a skimmer checking for the use of virtual machines.”

Magecart is a cybercrime syndicate that specializes in cyberattacks on e-commerce storefronts and is composed of dozens of subgroups. Their trademark involved digital credit card theft by injecting JavaScript code.

It is unclear if Magecart is an organization with direction or simply unconnected groups who use the same method of attack.

In 2015 the attacks gained notoriety for singling out the Magneto commerce platform. Since then the syndicate has expanded to a notable WordPress plugin named WooCommerce.

WordPress has emerged as the top CMS platform for credit card skimming malware with skimmers concealed in the website in the form of fake images and JavaScript theme files.

“Attackers follow the money, so it was only a matter of time before they shifted their focus toward the most popular e-commerce platform on the web,” Sucuri’s Ben Martin noted.

The post Newly Discovered Magecart Infrastructure Reveals the Scale of Ongoing Campaign appeared first on IT Security Guru.


You May Also Like

9 out of 10 Security Leaders Warn of Skills Shortage

Despite business backing and a recruitment push, new research suggests most tech…

NHS 111 urgent care provider leads the way in secure and flexible workforce identity and access management with My1Login

  The platform integrates with their existing computer login and removes the…