Newly observed PHP-based skimmer shows ongoing Magecart Group 12 activity
released on 2021-05-17 @ 06:48:18 PM
Malwarebytes looks at a campaign were a number of Magento 1 websites have been compromised by a very active skimmer group. Malwarebytes believes that Magecart Group 12, identified as being behind the Magento 1 hacking spree last fall, continues to distribute new malware that was observed by security researchers recently. These web shells known as Smilodon or Megalodon are used to dynamically load JavaScript skimming code into online stores as well as to steal user credentials.