Security experts linked the Magecart group 5 to the infamous Dridex banking Trojan and the Carbanak cybercrime group.
The Magecart group tracked as Magecart Group 5, one of the most active crime gangs under the Magecart umbrella, appears to be connected to the Carbanak crime gang.
Hacker groups under the Magecart umbrella continue to target to steal payment card data with so-called software skimmers. Security firms have monitored the activities of a dozen groups at least since 2010.
According to a joint report published by RiskIQ and FlashPoint, some groups are more advanced than others, in particular, the gang tracked as Group 4 appears to be very sophisticated.
Millions of Magecart instances were detected over time, security experts discovered tens of software skimming scripts.
In a report recently published by RiskIQ, experts estimate that the group has impacted millions of users. RiskIQ reports a total of 2,086,529 instances of Magecart detections, most of them are supply-chain attacks.
Differently from other Magecart groups, the MG5 specializes in supply chain attacks.
Malwarebytes researchers analyzed a number of domains involved in campaigns associated with the Magecart Group 5 and for those ones registered before the GDPR took effect they discovered that the registrant is connected to Dridex phishing campaigns and the Carbanak group.
The domains analyzed by the experts were registered via the well-known Chinese bulletproof registrar BIZCN/CNOBIN. Experts noticed that the attackers registered the domain
These data were associated with other domains, many of which connected to Dridex phishing campaigns.
Experts also highlighted that the registrants’ phone address for the informaer.info domain (+86.1066569215) is mentioned by Brian Krebs in a blog post exploring connections between
The post Experts believe the Magecart Group 5 could be linked to the Carbanak APT appeared first on Security Affairs.