The MageCart group, known for its credit card information-stealing campaigns, has upped the ante with respect to its tactics.
Security firm RiskIQ, which conducted an in-depth investigation of the threat group, found that the skimmers employed by MageCart were constantly updated with new features to steal payment-related information. A blog post by the firm on MageCart “Group 4” detailed how the group's operations have changed.
The big picture - The MageCart group has also refined the software structure of its skimmers. The skimmer code is more efficient than in earlier versions.
“The previous version of Group 4’s skimmer wasn’t actually a skimmer—it was an overlay payment phishing system. However, in the updated version, they are skimming existing payment forms instead of building up their own payment forms. Group 4’s skimmer now goes through page forms and pulls out the payment data, which significantly reduced the skimmer from over 1,500 lines of code to a little over 150 lines,” indicated RiskIQ’s blog.
RiskIQ, in collaboration with another firm, Flashpoint, has also released a comprehensive report detailing how the group has reorganized to perpetuate its attacks for the coming years.