Latest Threat Research: LetMeowIn – Analysis of a Credential Dumper

Get Informed


Secondary E-Skimmer Siphons Stolen Data From Original Attacker

Malwarebytes researchers outlined a new Magecart attack that has been affecting the retailer Costway. Magecart is an umbrella term used to describe several groups of thieves that are focused on attacking e-commerce websites to steal credit card data. While researching a large number of affected websites with the Magento 1 e-skimmer, researchers identified a second threat actor that targeted Costway. The second threat actor designed a skimmer that would siphon the stolen credit card data from the original e-skimmer that was already targeting Costway. Furthermore, the new s-skimmer script is able to identify if the original skimmer script is taken off the website. If this happens, the secondary skimmer then deploys itself on the website as the main skimmer to continue to steal credit card data.

Analyst Notes

Magecart attacks have been around for a long time but have become more prevalent within the last year, likely due to the increase in online shopping. Credit card data is valuable to thieves and can cause major problems for victims of theft. Online shoppers should take action and protect themselves when shopping online. To prevent fraudulent charges by Magecart or any other credit card thieves, consumers should sign up for one-time use credit cards which can be purchased through verified services or some banks. These services allow the consumer to purchase a pre-loaded credit card that can only be used once or used multiple times but has a balance of zero until the money is added to it. By keeping the balance at zero, if the card were to be compromised, an attacker would not be able to purchase anything with the number. One-time use cards provide the buyer with a credit card number that expires after the purchase. Though these cards may seem like a hassle for many, they do not take that much time to register for and will relieve consumers of the stress that could be caused by having a card compromised.

More can be read here: