Cobalt cybercrime group might be launching Magecart skimming attacks
Researchers have found links between Magecart-based Web skimming attacks and a sophisticated cybercrime group dubbed Cobalt that has stolen hundreds of millions from financial institutions worldwide. They also found evidence of server-side skimming, which is harder to detect than the typical JavaScript injections.
A joint analysis by Malwarebytes and security firm HYAS found significant similarities between the registration information for domain names used in their infrastructure by both Cobalt and a group tracked until now as Magecart Group 4 (MG4). In particular, both Cobalt and MG4 used the same email account naming pattern, the same email services, the same domain registrars and the same privacy protection services.
Read more: Cobalt cybercrime group might be launching Magecart skimming attacks