3rd Party Risk Management , Cloud Security , Cybercrime as-a-service
Analysts Find Fresh Magecart Code and Redirectors to Malvertising Campaign Ishita Chigilli Palli (Ishita_CP) • June 11, 2020Cybercriminals are continuing to take advantage of unsecured Amazon Web Services Simple Storage Service cloud storage buckets, with RiskIQ researchers recently finding malicious card skimming code and redirects to a long-running malvertising campaign infecting several websites.
See Also: Live Webinar | 2021: A Cybersecurity Odyssey
The malicious skimming code appears to belong to Magecart, which is the umbrella name for a group of cybercriminal gangs that have been planting JavaScript skimmers, also known as JavaScript sniffers or JS sniffers, on dozens of e-commerce checkout sites over the past several years in order to steal payment card numbers and other customer data (see: Magecart Group Hits Small Businesses With Updated Skimmer).
On May 12, RiskIQ researchers found the Magecart skimming code on three websites owned by Endeavor Business Media, which hosts content and online forums for firefighters, police and private security professionals, according to the report.
In addition, the analysts found a malicious redirect to a malvertising campaign called Hookads. RiskIQ attempted to contact Endeavor about the code and unsecured S3 buckets, but has not ..
Support the originator by clicking the read the rest link below.
