Cobalt cybercrime group might be launching Magecart skimming attacks

Researchers have found links between Magecart-based Web skimming attacks and a sophisticated cybercrime group dubbed Cobalt that has stolen hundreds of millions from financial institutions worldwide. They also found evidence of server-side skimming, which is harder to detect than the typical JavaScript injections.

A joint analysis by Malwarebytes and security firm HYAS found significant similarities between the registration information for domain names used in their infrastructure by both Cobalt and a group tracked until now as Magecart Group 4 (MG4). In particular, both Cobalt and MG4 used the same email account naming pattern, the same email services, the same domain registrars and the same privacy protection services.

To read this article in full, please click here