“New Campaign Targets and Hacks Hundreds of Online Stores”

Malwarebytes reports a new campaign targeting Magento stores that injects digital skimmers to steal payment data during checkout. The skimmers blend in with the stores and are hard to detect. Malwarebytes blocked over 1,100 theft attempts while alerting users and guiding remediation.

Hashtags: #Magento #skimmer #Quickpay #Cloudflare #Malwarebytes #onlinestore

Keypoints

  • Digital skimmers steal credit card information during online transactions.
  • A new malware campaign targets Magento e-commerce platforms.
  • Over a dozen attacker-controlled websites were identified for data theft.
  • Malwarebytes protected users from over 1,100 unique theft attempts.
  • Injected code alters the payment flow to capture sensitive information.
  • Detecting skimmers requires inspecting network traffic or using Developer Tools; stores have taken action to remove the malicious code.

MITRE Techniques

  • [T1003] Credential Dumping – “Attackers may attempt to capture sensitive information such as credit card details during online transactions.”
  • [T1505] Web Shell – “Malicious code is injected into websites to facilitate data theft.”
  • [T1213] Data from Information Repositories – “Stolen data is stored in attacker-controlled databases for later retrieval.”
  • [T1190] Exploitation of Public-Facing Application – “Vulnerabilities in online stores are exploited to inject malicious code.”

Indicators of Compromise

  • [Domain] Malicious domains used by the skimmer – codcraft[.]shop, codemingle[.]shop, and 13 more domains
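
The keypoint on detecting skimmers through network traffic or Developer Tools, combined with the domain indicators above, as an added example (not code from Malwarebytes or the original article): a script that triages a HAR file exported from the browser's Network tab during a test checkout. The allowlist, the sample HAR and every host other than the two listed indicators are constructed assumptions.

```javascript
// Added example: triage a HAR file exported from DevTools (Network tab)
// during a test checkout. Allowlist and sample traffic are constructed.

// Defanged indicators as listed on this page (13 more are not listed here).
const IOC_DOMAINS = ["codcraft[.]shop", "codemingle[.]shop"];

// Turn "name[.]tld" back into a hostname for comparison only.
const refang = (d) => d.replace(/\[\.\]/g, ".").toLowerCase();

// True when host equals domain or is a subdomain of it.
const inDomain = (host, domain) =>
  host === domain || host.endsWith("." + domain);

// Returns one finding per request that hits a listed indicator or a host
// outside the store's allowlist (POSTs are called out: that is exfiltration shape).
function triageHar(har, allowedDomains) {
  const iocs = IOC_DOMAINS.map(refang);
  const findings = [];
  for (const entry of har.log.entries) {
    const { method, url } = entry.request;
    let host;
    try {
      host = new URL(url).hostname.toLowerCase();
    } catch {
      continue; // malformed URL in the capture
    }
    if (!host) continue; // data: and blob: URLs have no host
    if (iocs.some((d) => inDomain(host, d))) {
      findings.push({ host, method, reason: "known skimmer domain" });
    } else if (!allowedDomains.some((d) => inDomain(host, d))) {
      const reason = method === "POST"
        ? "POST to host outside allowlist"
        : "request to host outside allowlist";
      findings.push({ host, method, reason });
    }
  }
  return findings;
}

// Constructed sample capture; only the indicator host comes from the page.
const SAMPLE_HAR = { log: { entries: [
  { request: { method: "GET", url: "https://shop.example/checkout/" } },
  { request: { method: "GET", url: "https://" + refang(IOC_DOMAINS[0]) + "/a.js" } },
  { request: { method: "POST", url: "https://collector.example.net/c" } },
  { request: { method: "POST", url: "https://payments.example.org/pay" } },
]}};
const ALLOWED = ["shop.example", "payments.example.org"]; // assumed allowlist
console.log(triageHar(SAMPLE_HAR, ALLOWED));
```

An allowlist catches skimmer hosts that are not yet on any indicator list, which matters here because the page names only two of the fifteen domains.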

Read more: https://www.malwarebytes.com/blog/cybercrime/2024/08/hundreds-of-online-stores-hacked-in-new-campaign