Cybercrime FIN6 Switches Up PoS Tactics to Target E-Commerce

[silversurfer]

The financial cybergang known as the FIN6 group, known for going after brick-and-mortar point-of-sale (PoS) data in the U.S. and Europe, has changed up its tactics to target e-commerce sites.

According to researchers at IBM X-Force Incident Response and Intelligence Services (IRIS), FIN6 (a.k.a. ITG08) has been spotted injecting malicious card-skimming code into online checkout pages of compromised websites. The code steals payment-card data as it’s entered into shopping-cart forms.

However, that’s only part of the story. To inject the code, FIN6 first gains access to a target environment to install a backdoor – before pivoting and stealing additional information from throughout the victim network.
The backdoor code is the More_eggs JScript backdoor malware (a.k.a. Terra Loader or SpicyOmelette), according to IRIS.

In a recently observed campaign, FIN6 began the campaign with targeted emails.
“We believe ITG08 is actively attacking multinational organizations, targeting specific employees with spearphishing emails advertising fake job advertisements,” according to a Thursday writeup by IRIS.

FIN6 Switches Up PoS Tactics to Target E-Commerce

The group is using the More_eggs JScript backdoor to anchor its attack.

threatpost.com

 

[silversurfer]

Magecart Card Skimmers Injected Into Online Shops

We discovered that the online credit card skimming attack known as Magecart or E-Skimming was actively operating on 3,126 online shops.

blog.trendmicro.com