E-commerce sites around the world could be at risk from this major threat
Different threat actors are competing for the same resources
Security researchers have discovered a criminal group utilizing a credit card skimmer that piggybacks on top of a pre-existing well-known exploit.
The new method of attack builds on the Magento 1 campaign already known to be affecting large numbers of e-commerce sites. In late 2020, Malwarebytes identified numerous Magento 1 websites being hacked, largely because Adobe had recently decided to stop supporting the platform.
Often they were injected with a credit card skimmer, which Malwarebytes found is being used to develop further exploits.
“While monitoring activities tied to this Magento 1 campaign, we identified an e-commerce shop that had been targeted twice by skimmers. This in itself is not unusual, multiple infections on the same site are common,” Jérôme Segura, head of threat intelligence at Malwarebytes, said. “However this case was different. The threat actors devised a version of their script that is aware of sites already injected with a Magento 1 skimmer. That second skimmer will simply harvest credit card details from the already existing fake form injected by the previous attackers.”
Criminals in competition
The discovery of the secondary exploit is interesting as it sets criminal groups up against one another. In some of the examples found by Malwarebytes, threat actors place their own alternate version of the original skimmer on a site in the event of administrators removing the original malicious script.
Alternatively, the secondary skimmer may simply reflect that different code injections have different levels of access. In this case, the second group of criminals simply takes credentials from the first group’s fake forms.
Malwarebytes has informed the relevant e-commerce sites when it has discovered credit card skimmers in place. E-commerce sites are advised to install the latest web protection software to prevent cybercriminals from implementing these types of exploits.
Given that credit card details are one of the most valuable pieces of information that can be stolen from a site, it is hardly surprising that threat actors are starting to compete with one another for victims' credentials.
Barclay has been writing about technology for a decade, starting out as a freelancer with ITProPortal covering everything from London’s start-up scene to comparisons of the best cloud storage services. After that, he spent some time as the managing editor of an online outlet focusing on cloud computing, furthering his interest in virtualization, Big Data, and the Internet of Things.