Smilodon Webshell Powers a Magecart-like Skimming Campaign

Keeper Magecart Group

The Magecart gang inspired hundreds of cybercriminals to employ Web-based skimmers in their malicious attacks. The good news is that these campaigns are not that widespread: attackers who want to get involved need to compromise an online vendor's website or server first and then deploy the malicious code responsible for the card-stealing attack. One of the latest campaigns of this sort is executed with the use of a new webshell called Smilodon or Megalodon. The Smilodon Webshell was found planted on Magento-based eCommerce websites, and researchers also discovered malicious code meant to hijack payment data from customers.

It is important to note that the use of the Smilodon Webshell is a precursor to the card-skimming attack. This webshell supports many additional commands, which would enable the attacker to take complete control over the compromised Web server. Of course, simply destroying the website is not profitable, which is why the criminals employ malicious JavaScript code to steal data from customers.

The bad news about the recent card-skimming attack involving the Smilodon Webshell is that the attackers have adopted a new method of loading the JavaScript code in the compromised website. This is meant to help them dodge security software that would block the suspicious connection/page. Thankfully, their experiment is not that successful, and users relying on reputable anti-malware software are likely to see a warning when they visit a compromised Web page that looks normal but behaves abnormally in the background.

Web-based skimming attacks are exceptionally dangerous since customers are the ones having their data stolen, while the shop administrators may have no clue that their server has been compromised. Because of this, such attacks may often go unnoticed for months if the eCommerce website's administrators do not take the necessary measures to identify and intercept them. Another example of a similar attack can be found at "Magecart Malware Scraped Card Data for 8 Months From a British Outdoor Clothing Retailer".

May 14, 2021