IBM researchers are warning that Magecart actors have been testing malicious card skimming scripts on Layer 7 (L7) routers that are used on large networks to govern traffic based on information like cookies, domain names and browser types in addition to IP addresses, which are used by regular routers. Magecart is an umbrella term for various criminal groups that aim to steal payment card information using malware.
Previous Magecart attacks only targeted websites, but IBM recently discovered Magecart scripts on L7 routers. The scripts were written to steal payment card information from web shops and sent the data to a web server controlled by the attackers. A total of 17 scripts were uncovered.
Read more: Hackers looking into injecting card stealing code on routers, rather than websites