“MakeFrame” Skimmer Targets E-commerce Businesses in New Campaign

  • The campaign has successfully compromised at least 19 different e-commerce websites so far.
  • Experts said the threat group also used victim sites for skimmer development.
Researchers disclosed a new card skimmer campaign that targets the payment card details of online shoppers. 

What happened?
The new data skimmer, dubbed "MakeFrame," was first spotted on January 24.

  • The campaign has successfully compromised at least 19 e-commerce websites so far.
  • It is suspected that Magecart Group 7 developed MakeFrame and released several different versions of it.

Researchers revealed, "There are several elements of the MakeFrame skimmer that are familiar to us, but it’s this technique in particular that reminds us of Magecart Group 7."

MakeFrame and its versions
MakeFrame compromises e-commerce sites to host the skimming code, load the skimmer on them, and exfiltrate the stolen data.

  • Security researchers identified three distinct versions of the skimmer with varying levels of obfuscation.
  • The multiple versions are evidence of the group’s persistence in seeking to cheat and steal from yet more victims in different ways.
  • Experts said the threat group also used victim sites for skimmer development.

"This latest skimmer from Group 7 is an illustration of their continued evolution, honing tried and true techniques and developing new ones all the time. They are not alone in their endeavors to improve, persist, and expand their reach," added the experts. 

Other key findings
All the compromised e-commerce sites were small or medium-sized businesses. 

  • As per the study, there were more reasons for researchers to link MakeFrame with Magecart Group 7.
  • The data-stealing methods used by both are similar in nature.
  • MakeFrame also sends stolen data as .php files to other compromised sites for exfiltration.
  • Also, the types of targeted victims were found to be similar.
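Because the skimmer is hosted on, and exfiltrates to, other compromised shops rather than obviously malicious domains, a defender gets more from an allowlist than from domain reputation. The following is an added example, not code from the researchers or from the skimmer: it reviews requests recorded on a checkout page and builds a matching Content-Security-Policy. The host names, the request record format and the sample data are constructed assumptions.

```javascript
// Added example. All hosts and request records below are constructed.
// Assumption: the only hosts this checkout page legitimately talks to.
const ALLOWED_HOSTS = new Set(["shop.example", "payments.example"]);

// Constructed sample: requests recorded while the checkout page was open.
const sampleRequests = [
  { method: "GET",  type: "script",   url: "https://shop.example/static/checkout.js" },
  { method: "POST", type: "xhr",      url: "https://payments.example/v1/charge" },
  { method: "GET",  type: "document", url: "https://shop.example/cart.php?id=7" },
  { method: "GET",  type: "script",   url: "https://other-store.example/js/slider.js" },
  { method: "POST", type: "xhr",      url: "https://another-store.example/media/save.php" },
];

// Flag scripts loaded from, and .php endpoints contacted on, hosts that are
// not on the allowlist. First-party .php pages are deliberately not flagged.
function reviewCheckoutRequests(requests, allowedHosts) {
  const findings = [];
  for (const req of requests) {
    let parsed;
    try {
      parsed = new URL(req.url);
    } catch {
      findings.push({ url: req.url, method: req.method, reason: "unparseable-url" });
      continue;
    }
    if (allowedHosts.has(parsed.hostname)) continue;
    if (req.type === "script") {
      findings.push({ url: req.url, method: req.method, reason: "third-party-script" });
    } else if (parsed.pathname.toLowerCase().endsWith(".php")) {
      findings.push({ url: req.url, method: req.method, reason: "third-party-php-endpoint" });
    }
  }
  return findings;
}

// Build a CSP header value that lets the browser enforce the same allowlist
// for script loads, XHR/fetch destinations and form submissions.
function buildCheckoutCsp(allowedHosts) {
  const sources = [...allowedHosts].map((h) => `https://${h}`).join(" ");
  return ["script-src", "connect-src", "form-action"]
    .map((directive) => `${directive} 'self' ${sources}`)
    .join("; ");
}

for (const f of reviewCheckoutRequests(sampleRequests, ALLOWED_HOSTS)) {
  console.log(`${f.reason}: ${f.method} ${f.url}`);
}
console.log("Content-Security-Policy:", buildCheckoutCsp(ALLOWED_HOSTS));
```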

Bottom line
Data-skimming attacks are on the rise at a time when the world is working remotely as a result of the COVID-19 outbreak. People are bound to purchase what they need online. The data from the study showed that Magecart attacks had grown 20% amid the COVID-19 pandemic.