RiskIQ exposes MageCart group that has combined data exfiltration techniques

Be cautious out there! On Tuesday, security research firm RiskIQ exposed yet another MageCart group. This one is using phishing combined with card skimming to bilk consumers' bank accounts. The hackers seem pretty sophisticated when it comes to phishing, but less experienced at skimming.

The MageCart group is known as Fullz House and has been highly successful at maximizing its profits by combining phishing with card skimming. RiskIQ analyst Yonathan Klijnsma told TechSpot that after carefully analyzing the group's tactics, he had two main takeaways.



[Fullz House is an] organized group running the sales as well as the theft of payment data and PII (personally identifiable information) from phishing pages for payment processors. Their skimming operation comes in two parts:


  • Your every-day skimmer we've seen hundreds of times (they did build their own, which is a bit backward and looks more like the first skimming attempts we saw in 2014).

  • A man-in-the-middle payment phishing page where a user normally is redirected to their bank to pay, they now get this phishing page, and once they enter their data are redirected to their real bank. The actual flow of the process is not interrupted, and they can finish their checkout process.


Fullz House appears to have been involved with its phishing operation for quite a while but has begun to use skimming techniques more recently. RiskIQ says it is not uncommon to see groups that are known to operate in one "ecosystem" to try something different. MageCart Group 4 specialized in banking malware, but last year began using card skimming attacks.


    "Ultimately, the picture that emerges is of a well-connected group that has access to bulletproof hosting, is schooled in the world ..
