Magecart

Malware Profile Updated 12 days ago
Magecart is a consortium of malicious hacker groups known for targeting online shopping cart systems, such as Magento, with the aim of stealing customer payment card information. The malware infiltrates systems through suspicious downloads, emails, or websites, often without the user's knowledge. Once inside, it can steal personal information, disrupt operations, or even hold data hostage for ransom.

In a recent campaign, Magecart was observed using a new technique to inject a Stripe payment skimmer, which captures payment data and exfiltrates it to an attacker-controlled site. The attackers tie the injection command to the checkout cart, so that it executes whenever /checkout/cart is requested. This method has extended Magecart's reach, adding Middle East retailers to its long list of victims.

The Magecart attackers have also developed a new trick: stashing persistent backdoors within e-commerce websites that are capable of pushing malware automatically. In a novel approach, they hide the malicious code in the 404 error page, which makes it harder to detect and remove. This strategy underscores the evolving nature of the threat posed by Magecart and the need for robust cybersecurity measures.
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at.
| ID | Votes | Profile Description |
| --- | --- | --- |
| Digital Skimming | 3 | Digital skimming is a form of malware that steals sensitive payment information during the online checkout process. This type of cybercrime has become increasingly prevalent, affecting numerous online businesses worldwide. Digital skimming attacks are typically executed by threat actors using JavaSc |
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Malware
Fraud
Malwarebytes
Magento
Exploit
Android
Spyware
Wordpress
Cybercrime
Associated Malware
| ID | Type | Votes | Profile Description |
| --- | --- | --- | --- |
| Mozi | Unspecified | 2 | Mozi is a type of malware, a malicious software designed to exploit and damage computer systems or devices. It can infiltrate systems via suspicious downloads, emails, or websites, often unbeknownst to the user. Once it gains access, Mozi has the potential to steal personal information, disrupt oper |
| Lumma Stealer | Unspecified | 2 | Lumma Stealer is a malicious software, or malware, that targets computer systems with the intent to exploit and damage them. This malware primarily focuses on stealing cryptocurrency wallets and browser user data. The latest version of Lumma Stealer was detected in our recent investigation, revealin |
Associated Threat Actors
No associations to display
Associated Vulnerabilities
No associations to display
Source Document References
Information about the Magecart malware was read from the documents listed below. This display is limited to 20 results.
| Source | Created At | Title |
| --- | --- | --- |
| Recorded Future | a year ago | Magecart Attacks: The Dark Art Fraudsters Use to Steal Payment Data |
| CERT-EU | a year ago | Attention Online Shoppers: Don't Be Fooled by Their Sleek, Modern Looks — It's Magecart! |
| CERT-EU | a year ago | Magecart/eSkimming Attack Using Kritec Skimmer Creates the Perfectly Hijacked Checkout Page |
| CERT-EU | 8 months ago | News Alert: Reflectiz declares war on Magecart web-skimming attacks as holidays approach |
| CERT-EU | a year ago | In-Store Versus Online: How Well Do You Know Your Security? |
| CERT-EU | a year ago | Magecart Skimmer Checkout Page Dupes Victim Store Forms |
| CERT-EU | 4 months ago | Magecart is back: hotels in the firing line - Panda Security Mediacenter |
| CERT-EU | 8 months ago | News Alert: Reflectiz declares war on Magecart web-skimming attacks as holidays approach \| The Last Watchdog |
| CERT-EU | 8 months ago | Decoding Magecart: Credit Card Skimmers Concealed Through Pixels & Images \| Antivirus and Security news |
| CERT-EU | 8 months ago | Holiday Season Cyber Alert: Reflectiz Declares War on Magecart Attacks - Cybersecurity Insiders |
| CERT-EU | 7 months ago | Magecart Web Skimmer Hides in 404 Error Pages |
| CERT-EU | 7 months ago | Magecart Card Skimmers Strike Again |
| CERT-EU | 8 months ago | Decoding Magecart: Credit Card Skimmers Concealed Through Pixels & Images |
| DARKReading | a year ago | Researchers Spot a Different Kind of Magecart Card-Skimming Campaign |
| CERT-EU | 7 months ago | Hackers modify online stores’ 404 pages to steal credit cards |
| DARKReading | 4 months ago | Magecart Adds Middle East Retailers to Long List of Victims |
| CERT-EU | 10 months ago | Imperva Offers New Features to Simplify PCI DSS Compliance |
| Securityaffairs | 7 months ago | New Magecart campaign hides malicious code in 404 error page |
| CERT-EU | a year ago | How to prepare for PCI DSS 4.0 |
| CERT-EU | 5 months ago | Rogue WordPress Plugin Exposes E-Commerce Sites to Credit Card Theft |