SCUF Gaming Magecart Loader
Just a quick post on a digital skimmer loader that is somewhat unique. The threat actor used a script tag with a base64 encoded payload.
Digital skimmers will use a variety of infrastructure setups to help hide the real servers. This varies by the script that is being used, but in general you will see three different hosts involved: Host 1 and 2 are sometimes …
Hunting for digital skimming/magecart infrastructure is interesting. We have an advantage that the bad guys can’t stop: unless they’ve breached the payment servers of some company, their actions are completely public. They’ll do their best to hide themselves, but every …
In my last post, I highlighted a digital skimming loader that tried to pretend that it was Google Analytics. In this post, I’ll show a similar one, this time purporting to be Google Tag Manager. This is by the same …
A quick examination of a Magecart/Digital Skimmer loader. A loader is just JavaScript code that loads additional code. They’re designed to look innocuous, frequently mirroring common tools like Google Analytics. To start, here is the entire code: If you look …