Other Attackers Reuse Old Magecart Domains: Report

In its report, RiskIQ has outlined the indications of compromise associated with the attacks, including the malicious domains that the threat actors used to “inject web-skimming into browsers or as a destination for the skimmed payment information,” the report states.


Magecart appears to be a loose association of about a dozen different groups. Its campaigns have been well-documented by RiskIQ and other firms.


The success of the Magecart credit card attacks, which victimized hundreds of thousands of sites, millions of users and such major corporations as British Airways, Forbes, Ticketmaster and Newegg over the last 18 months, has led more cybercriminals to leverage Magecart’s tools, the researchers note in a report released Thursday.


Decommissioned domains that were part of the pervasive Magecart web-skimming campaigns are being put to use by other cybercriminals who are re-activating them for other scams, including malvertising, according to researchers at RiskIQ, a San Francisco-based cybersecurity firm.


Cybercrime , Fraud Management & Cybercrime , Fraud Risk Management