MageCart Launches Customizable Campaign
June 29 2019MageCart, a loose group of individuals and organizations that specializes in JavaScript information skimmers used to compromise commercial websites, has a new offering for it customers — one that carries new dangers for website owners and customers.
According to researchers at Fortinet, MageCart is now licensing Inter. According to Inksit Threat Analysis, “Inter is a JS Sniffer (credit card sniffer) that Sochi has sold on Exploit forum since December 2, 2018. One license of Inter costs $1,300, which includes the sniffer (payload), a user manual, 24/7 customer support, and free updates.”
MageCart is offering Inter as a highly customizable payload along with JavaScript loaders and bundles of software that can ensure the malicious payload isn’t being executed in a debugger or sandbox.
One of the campaign’s unique qualities, according to Fortinet’s report, is that the software injects a fake card payment form on a targeted Web page and skims a victim’s entered card information, whether or not the page is a checkout form. This means the skimmer can be brought into the customer experience much earlier.
Changing the skimmer’s point in the process also means it might be able to avoid some security software intended to catch it on the checkout page. An additional feature helps Inter avoid detection by hiding the stolen information in plain site.
The Fortinet researchers show that the MageCart-customized version of Inter creates an “IMG” element — an image element often used on Web pages — and then puts the exfiltrated data as a parameter of the image.
Neither Inter nor MageCart are new. What is new is the criminal group’s use of this customizable, widely available tool. In the conclusion of their report, Fortinet researchers predict the success of the campaign means other groups are more likely to adopt Inter as well.
Related Content:
- Getting Up to Speed on Magecart
- New Software Skims Credit Card Info From Online Credit Card Transactions
- 7 Signs of the Rising Threat of Magecart Attacks in 2019
- Magecart Mayhem Continues in OXO Breach
- Study Exposes Breadth of Cyber Risk
Curtis Franklin Jr. is Senior Editor at Dark Reading. In this role he focuses on product and technology coverage for the publication. In addition he works on audio and video programming for Dark Reading and contributes to activities at Interop ITX, Black Hat, INsecurity, and … View Full Bio
MageCart Launches Customizable Campaign
June 29 2019MageCart, a loose group of individuals and organizations that specializes in JavaScript information skimmers used to compromise commercial websites, has a new offering for it customers — one that carries new dangers for website owners and customers.
According to researchers at Fortinet, MageCart is now licensing Inter. According to Inksit Threat Analysis, “Inter is a JS Sniffer (credit card sniffer) that Sochi has sold on Exploit forum since December 2, 2018. One license of Inter costs $1,300, which includes the sniffer (payload), a user manual, 24/7 customer support, and free updates.”
MageCart is offering Inter as a highly customizable payload along with JavaScript loaders and bundles of software that can ensure the malicious payload isn’t being executed in a debugger or sandbox.
One of the campaign’s unique qualities, according to Fortinet’s report, is that the software injects a fake card payment form on a targeted Web page and skims a victim’s entered card information, whether or not the page is a checkout form. This means the skimmer can be brought into the customer experience much earlier.
Changing the skimmer’s point in the process also means it might be able to avoid some security software intended to catch it on the checkout page. An additional feature helps Inter avoid detection by hiding the stolen information in plain site.
The Fortinet researchers show that the MageCart-customized version of Inter creates an “IMG” element — an image element often used on Web pages — and then puts the exfiltrated data as a parameter of the image.
Neither Inter nor MageCart are new. What is new is the criminal group’s use of this customizable, widely available tool. In the conclusion of their report, Fortinet researchers predict the success of the campaign means other groups are more likely to adopt Inter as well.
Related Content:
- Getting Up to Speed on Magecart
- New Software Skims Credit Card Info From Online Credit Card Transactions
- 7 Signs of the Rising Threat of Magecart Attacks in 2019
- Magecart Mayhem Continues in OXO Breach
- Study Exposes Breadth of Cyber Risk
Curtis Franklin Jr. is Senior Editor at Dark Reading. In this role he focuses on product and technology coverage for the publication. In addition he works on audio and video programming for Dark Reading and contributes to activities at Interop ITX, Black Hat, INsecurity, and … View Full Bio
