Heads up: A new strain of card-skimming Grelos malware is on the loose

A new offshoot of the Grelos card-skimming malware - a common Magecart variant - is doing the rounds, according to infosec biz RiskIQ.


The latest strain described by RiskIQ contains "a rehash" of the original code first seen in 2015-16, consisting of a loader and a skimmer, "both of which are base64 encoded five times over."


A unique cookie linked to the Grelos strain gave researcher Jordan Herman the clue he needed to track it.


Spotted in the wild as part of the compromise of US-based Boom! Mobile earlier this year, the latest Grelos strain was linked to Fullz House, a hacking crew that combined the skills of two separate criminal gangs who respectively specialised in phishing and card skimming, as RiskIQ previously