Magecart’s successes have led to threat actors actively advertising ‘sniffers’ that can be injected into e-commerce websites in order to exfiltrate payment cards.
The new research, shared exclusively with Threatpost, shows an array of threat groups who over the past six months have been tracked continually developing and advertising customized payment sniffers that are updated regularly, contain multiple capabilities, and are available for purchase or rent – making this type of web based attack more readily available to cybercriminals of all calibers, from sophisticated actors to script kiddies.
The Magecart group has found widespread successes in using these tools, with targets such as Ticketmaster, British Airways and other brands under its belt. The successes of Magecart-related attacks is also coupled with the increase in online shoppers due to the COVID-19 pandemic and mobile communications. These factors are spurring attackers to look to web based attacks for siphoning credit card information over the past year, researchers said.