Magecart Compromised More Than 17,000 Websites in New Campaign

Magecart: Magecart has been found to be behind a massive campaign that has compromised at least 17,000 domains since April, according to RiskIQ. The group accomplished this by scanning for misconfigured Amazon S3 servers. The group then uploaded malicious code to the misconfigured servers, placing it within JavaScript files used by live websites. As with most Magecart campaigns, the code was designed to log payment card details from visitors to the affected websites. The victims include a number of companies that provide services to other online services, including Picreel, Alpaca Forms, AppLixir, RYVIU, OmniKick, eGain, and AdMaxim. Because each of those companies provides services to thousands of other companies, when the JavaScript files on their servers were compromised, the compromise spread and affected their customers as well.

Analyst Notes

The specific group within Magecart behind this attack has not been identified with certainty, but it is believed to be a newer group because of its use of more basic and commonly available skimming software.