The state-sponsored organization, already suspected in past attacks such as WannaCry and numerous attacks against U.S media outlets, was discovered using Windows Update to deliver malicious payloads.
Card Stealer Malware Uses New Evasion Technique
August 4, 2021
August 4, 2021 Twitter Get Permission A new card stealer malware campaign that loads JavaScript malware from blocked domain lists to evade detection is targeting e-commerce sites that run Adobe s Magento software, security firm Sucuri reports.
Sucuri says one of its clients reported receiving warnings from its antivirus program when navigating to its checkout page. Researchers then found that threat actors were loading the JavaScript from at least 60 blocked domains that had been blacklisted for distributing carding malware.
The threat actors further obfuscated the malicious script by making it appear like JavaScript tied to a website animation component.
BankInfoSecurity
Compliance
@prajeetspeaks) • May 18, 2021 Get Permission
Magecart Group 12, known for skimming payment cards from e-commerce websites using JavaScript skimmers, is using an updated attack technique to gain remote administrative access to sites that run an older version of Adobe s Magento software, according to an analysis by Malwarebytes Labs’ Threat Intelligence Team.
The latest incarnation of an umbrella group of least seven distinct cybercriminal groups, Magecart Group 12, which was involved in another hacking spree last fall, is using an updated technique that uses PHP web shells, known as Smilodon or Megalodon, Malwarebytes says. The web shells dynamically load JavaScript skimming code via server-side requests into online stores to stay undetected by client-side security tools so they can then steal payment information.