Smilodon Webshell Powers a Magecart-like Skimming Campaign
The Magecart gang inspired hundreds of cybercriminals to employ Web-based skimmers in their malicious attacks. The good news is that these campaigns are not that widely spread – attackers who want to get involved need to compromised an online vendor's website or server first and then deploy the malicious code responsible for the card-stealing attack. One of the latest campaigns of this sort is executed with the use of a new webshell called Smilodon or Megalodon. The Smilodon Webshell was found planted on Magento-based eCommerce websites, and researchers also discovered malicious code meant to hijack payment data from customers.
Web-based skimming attacks are exceptionally dangerous since customers are the ones having their data stolen, while the shop administrators may have no clue that their server has been compromised. Because of this, such attacks may often go unnoticed for months in case the eCommerce website's administrators do not take the necessary measures to identify and intercept such attacks. Another example of a similar attack can be found at Magecart Malware Scraped Card Data for 8 Months From a British Outdoor Clothing Retailer.