Magecart hits again, leveraging compromised sites and newly registered domains

During alert monitoring, ThreatLabZ researchers came across multiple cases of shopping sites being compromised and injected with a skimming script. This injected script looks for the payment method and personally identifiable information (PII) and captures supplied financial information which is then sent to an adversary-controlled gate server even before the ... Read More

Scammers Use Cheap and Squatted Domains to Create Fake Sites

|
Last summer, a ThreatLabZ blog covered scam campaigns in which bad actors using .tk domains were showing warnings of a fake malware infection and trying to generate revenue by offering remediations. We recently noticed the development of similar campaigns in which bad actors are making use of cheap domains, registering ... Read More

Scammers use cheap and squatted domains to create fake sites

|
Last summer, a ThreatLabZ blog covered scam campaigns in which bad actors using .tk domains were showing warnings of a fake malware infection and trying to generate revenue by offering remediations. We recently noticed the development of similar campaigns in which bad actors are making use of cheap domains, registering ... Read More

Magecart campaign remains active

| | Compromise, Malware
The Zscaler ThreatLabZ team has been tracking the Magecart campaign for several months. Magecart is a notorious hacker group that has been responsible for large attacks on the e-commerce sites of well-known brands, and we have continued to see its activity during this past month. In this blog, we will ... Read More