Additionally, while RiskIQ researchers identified 12 such groups in 2018, according to IBM there are now about 38 of them.
This week, Malwarebytes experts announced that they had discovered several MageCart web skimmers at once on the Heroku cloud-based PaaS platform.
“The found skimmers were used in active malicious campaigns, and the hackers behind this scheme not only used Heroku to place their infrastructure and deliver skimmers to target sites, but also used a service to store stolen card information,” said Malwarebytes representatives.
Researchers found four free Heroku accounts that hosted scripts for four third-party sellers:
Of course, in addition to setting up Heroku accounts and deploying the skimmer code and data collection systems, this scheme also required compromising the targeted sites themselves. So far the researchers have not established how they were hacked (although some sites had unpatched web applications).
Attackers injected one line of code into the hacked sites. The embedded JavaScript, which was hosted on Heroku, tracked the current page and detected the Base64-encoded string “Y2hlY2tvdXQ=”, which decodes to “checkout”, that is, “place an order”.
“When the string was detected, malicious JavaScript loaded the iframe, which stole the payment card data, and passed it (in Base64 format) to the Heroku account. An iframe-based skimmer worked like an overlay that appeared on top of a real payment form,” say researchers from Malwarebytes.
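A defender-side audit for the pattern described above, as an added example that is not from Malwarebytes or the original article: it lists script and iframe sources served from hosts outside a site's allowlist and flags script text that carries the Base64 form of a trigger word. The hostnames, the allowlist and the sample markup are constructed assumptions.

```javascript
// Added example (not from the original report): flag third-party script/iframe
// sources and Base64-encoded trigger words in script text.
const TRIGGER_WORDS = ["checkout"]; // the word named in the article

// Base64 of each trigger word with '=' padding removed, e.g. "Y2hlY2tvdXQ".
function base64Markers(words) {
  return words.map((w) => Buffer.from(w, "utf8").toString("base64").replace(/=+$/, ""));
}

// Return the trigger words whose Base64 form appears in a script's text.
function encodedTriggersIn(scriptText, words = TRIGGER_WORDS) {
  const markers = base64Markers(words);
  return words.filter((_, i) => scriptText.includes(markers[i]));
}

// List <script>/<iframe> sources whose host is not on the site's allowlist.
function foreignSources(html, pageUrl, allowedHosts) {
  const findings = [];
  const tagRe = /<(script|iframe)\b[^>]*?\bsrc\s*=\s*["']([^"']+)["']/gi;
  for (const [, tag, src] of html.matchAll(tagRe)) {
    let host;
    try {
      host = new URL(src, pageUrl).hostname; // resolves relative paths too
    } catch {
      findings.push({ tag: tag.toLowerCase(), src, host: null }); // unparsable: report
      continue;
    }
    if (!allowedHosts.has(host)) findings.push({ tag: tag.toLowerCase(), src, host });
  }
  return findings;
}

// Constructed sample: a checkout page with one injected script line.
const SAMPLE_HTML = `
<html><head>
<script src="/static/app.js"></script>
<script src="https://cdn.shop.example/lib.js"></script>
<script src="https://injected-host.example/lib-1.2.js"></script>
</head><body><form id="payment"></form></body></html>`;
// Constructed stand-in for the text of a fetched third-party script.
const SAMPLE_SCRIPT = 'var k = "Y2hlY2tvdXQ=";';
const ALLOWED = new Set(["shop.example", "cdn.shop.example"]); // hypothetical allowlist

console.log(foreignSources(SAMPLE_HTML, "https://shop.example/checkout", ALLOWED));
console.log(encodedTriggersIn(SAMPLE_SCRIPT));
```

The same allowlist can be enforced in the browser with a Content-Security-Policy that restricts `script-src` and `frame-src` to those hosts.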
Researchers found several web skimmers on Heroku at once. In all cases, the script names followed a single scheme, and they all earned money during the last week. All this indicates either the work of one hacking group or attackers using the same source code. It seems that the attackers launched their operations in anticipation of Cyber Monday and the upcoming holiday sales season.
Malwarebytes experts note that this use of Heroku is not the first case of its kind. Experts previously discovered Magecart skimmers on GitHub (April 2019) and on AWS S3 (June 2019).