Mo Money, Mo Magecart
Online shopping sites are prime targets for cybercriminals. Large sites can process vast quantities of personal information and payment data, making them a high-value reward if successfully hijacked. On 29 April, Malwarebytes Threat Intelligence shared a JavaScript web skimmer their team discovered on a compromised French Canadian online shoe store. The skimmer was injected into the online store's checkout page and used to siphon off payment data and billing info. Data entered into the site was exfiltrated to a domain in Russia. I pivoted off this domain and looked at what was hosted on the same IP with a similar naming convention. This led to uncovered multiple other domains used for web skimming. I mapped the domains on VirusTotal graph here: I then chucked these domains into URLscan and uncovered at least five other sites that have been compromised in these attacks: Some additional pivoting uncovered a skimmer masquerading as a Bing Analytics domain that was injected ...