Pay Attention to Magecart While Shopping

Magecart, ja.magecart, Magento, Malware, Trojan:JS/Magecart, web-skimming
Magecart, a name inspired by the e-commerce platform Magento, is a type of cyberattack that targets online businesses with the goal of stealing sensitive information, including payment card data. These attacks are a form of web skimming and derive from the Magecart hacker group, which emerged in 2015 targeting several well-known global brands.

Indicators of Compromise


APT Groups (2)

MageCart
FIN6
Camouflage Tempest, White Giant, FIN6, Gold Franklin, ITG08, Skeleton Spider, TAG-CR2, ATK 88, TAAL

Campaign Guidance

Remediation, mitigation, notes, history and related intelligence

Consumer Security Measures:
  • Avoid entering personal information on untrusted websites.
  • Verify the legitimacy of the domain URL to avoid fake websites.
  • Use browser extensions to block JavaScript from untrusted sites, reducing the risk of attacks.
  • Be cautious of malicious code that may already exist on trusted websites.
E-commerce Merchant Responsibilities:
  • Consider outsourcing the handling of financial transactions to trusted, larger parties for enhanced security and PCI compliance.
  • Acknowledge the potential risks associated with collecting and handling customer data, especially payment information.
  • Focus on business aspects while relying on trusted third parties to handle sensitive transactions.
Third-Party Resource Integrity:
  • Recognize the importance of third-party resource integrity checking in securing external content.
  • Understand that websites often rely on CDNs and other providers for content delivery and performance.
  • Implement safeguards such as Content Security Policy (CSP) and Subresource Integrity (SRI) to mitigate various threats, not just credit card theft.
  • Be proactive in monitoring and securing third-party libraries to protect against potential compromises and vulnerabilities.
These measures aim to enhance both consumer and merchant security in the context of e-commerce websites and the use of third-party resources.
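
Added example, not part of the original page: a Node.js check for the third-party resource integrity guidance above. It computes a Subresource Integrity value, flags cross-origin scripts loaded without one, and derives a matching Content Security Policy script-src directive. The sample HTML, the hosts (shop.example, cdn.example, tags.example) and all function names are constructed for illustration.

```javascript
// Added example: audit a page's third-party <script> tags for SRI coverage.
const { createHash } = require("node:crypto");

// SRI value for a script body: "sha384-" + base64(SHA-384 digest).
function sriHash(body) {
  return "sha384-" + createHash("sha384").update(body).digest("base64");
}

// True only if the delivered body still matches the pinned (single sha384) value.
function matchesIntegrity(integrity, body) {
  return integrity === sriHash(body);
}

// Read one quoted attribute value from a tag's source text.
function attr(tag, name) {
  const m = new RegExp(`\\s${name}\\s*=\\s*["']([^"']*)["']`, "i").exec(tag);
  return m ? m[1] : null;
}

// List cross-origin scripts; ok is false when no integrity value pins them.
function auditScripts(html, pageOrigin) {
  const findings = [];
  for (const [tag] of html.matchAll(/<script\b[^>]*>/gi)) {
    const src = attr(tag, "src");
    if (!src) continue; // inline script: a CSP concern, SRI does not apply
    const url = new URL(src, pageOrigin);
    if (url.origin === pageOrigin) continue; // first-party file
    const integrity = attr(tag, "integrity");
    findings.push({ origin: url.origin, integrity, ok: integrity !== null });
  }
  return findings;
}

// CSP directive that limits script loads to the audited origins.
function cspFor(findings) {
  const origins = [...new Set(findings.map((f) => f.origin))];
  return ["script-src", "'self'", ...origins].join(" ");
}

// Constructed sample page (hypothetical hosts) with two third-party scripts.
const LIB = "window.lib = function () { return 1; };";
const SAMPLE_HTML = `
<script src="/js/cart.js"></script>
<script src="https://cdn.example/lib.js" integrity="${sriHash(LIB)}" crossorigin="anonymous"></script>
<script src="https://tags.example/t.js"></script>`;

const report = auditScripts(SAMPLE_HTML, "https://shop.example");
console.log(report, cspFor(report));
```

The script from tags.example is reported with ok set to false because nothing pins its content, so a change made at that provider would run on the checkout page unnoticed.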






Reports & References (2)

Observed Countries (250)
