New MakeFrame Skimmer Claims 19 Victims

At least 19 websites have fallen victim to a new data skimmer that appears to have been developed by threat group Magecart Group 7.

Dubbed 'MakeFrame' by researchers at RiskIQ, the new data skimmer has been spotted out in the wild in several different versions.

Researchers first came across the skimmer on January 24. Since then, MakeFrame has been spotted hosting skimming code, loading the skimmer on other compromised websites, and exfiltrating stolen data. 

"There are several elements of the MakeFrame skimmer that are familiar to us, but it’s this technique in particular that reminds us of Magecart Group 7," wrote researchers.

RiskIQ has identified three distinct versions of the skimmer with varying levels of obfuscation, from clear JS code to encrypted obfuscation. Some of these appear to be dev versions running debug processes, one of which even includes a version number.

"Magecart Group 7 also used victim sites for skimmer development, as we observed when they compromised OXO in 2017 and twice in 2018," said researchers.

The team at RiskIQ said the multiple versions of MakeFrame were evidence of threat actors' constant hunt for new ways to cheat and steal from yet more victims. 

"This latest skimmer from Group 7 is an illustration of their continued evolution, honing tried and true techniques and developing new ones all the time. They are not alone in their endeavors to improve, persist, and expand their reach," wrote researchers.

When studying the new threat, researchers noted that MakeFrame was targeting the same victim pool as Group 7. 

"Each o ..

Support the originator by clicking the read the rest link below.