Cybercrime FIN6 Switches Up PoS Tactics to Target E-Commerce


Level 85
Thread author
Honorary Member
Top Poster
Content Creator
Malware Hunter
Aug 17, 2014
The financial cybergang known as the FIN6 group, known for going after brick-and-mortar point-of-sale (PoS) data in the U.S. and Europe, has changed up its tactics to target e-commerce sites.

According to researchers at IBM X-Force Incident Response and Intelligence Services (IRIS), FIN6 (a.k.a. ITG08) has been spotted injecting malicious card-skimming code into online checkout pages of compromised websites. The code steals payment-card data as it’s entered into shopping-cart forms.

However, that’s only part of the story. To inject the code, FIN6 first gains access to a target environment to install a backdoor – before pivoting and stealing additional information from throughout the victim network.
The backdoor code is the More_eggs JScript backdoor malware (a.k.a. Terra Loader or SpicyOmelette), according to IRIS.

In a recently observed campaign, FIN6 began the campaign with targeted emails.
“We believe ITG08 is actively attacking multinational organizations, targeting specific employees with spearphishing emails advertising fake job advertisements,” according to a Thursday writeup by IRIS.
Last edited:

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.