Cybercriminals are upping the ante when it comes to compromising websites with Magecart payment card skimmers, as evidence by the recent discovery of two infected web domains used by poker enthusiasts.
A Malwarebytes blog post this week identified the two affected web pages as pokertracker.com and its subdomain pt4pokertracker.com. Both are related to a software application for poker players called PokerTracker 4. The app itself is not trojanized; however, its user interface displays the infected web pages, explained blog author Jerome Segura, Malwarebytes’ director of threat intelligence. Therefore players either using the app or visiting the poker websites directly were exposed.
Both sites were observed a using version of the Drupal content management network that was outdated (version 6.3x), and thus vulnerable to JavaScript injection. This allowed cybercriminals to inject the skimmer, which was specifically customized for the pokertracker.com, and attempted to exfiltrate data to the malicious domain ajaxclick[.]com. This site was found to host multiple skimmers, each customized for a different targeted website, in ..
Support the originator by clicking the read the rest link below.
