The forgotten domain: Exploring a link between Magecart Group 5 and the Carbanak APT

This blog post was authored by Jérôme Segura, William Tsing, and Adam Thomas. In a previous post, we described the possible overlap between certain domains registered by Magecart Group 4 and the Cobalt gang. While attribution is always a difficult endeavor, sharing TTPs can help others to connect the dots between campaigns observed in the wild and threat groups. This time, we looked at … [Read more...]

Magecart Group 4: A link with Cobalt Group?

Note: This blog post is a collaboration between the Malwarebytes and HYAS Threat Intelligence teams. Magecart is a term that has become a household name, and it refers to the theft of credit card data via online stores. The most common scenario is for criminals to compromise e-commerce sites by injecting rogue JavaScript code designed to steal any information entered by victims on the checkout … [Read more...]

Everything you need to know about ATM attacks and fraud: part 2

This is the second and final installment of our two-part series on automated teller machine (ATM) attacks and fraud. In part 1, we identified the reasons why ATMs are vulnerable—from inherent weaknesses of its frame to its software—and delved deep into two of the four kinds of attacks against them: terminal tampering and physical attacks. Terminal tampering has many types, but it involves … [Read more...]