New research by Malwarebytes connects Magecart Group 5, one of the most prominent payment card skimming threat actors, to the notorious Carbanak threat group. Magecart is an umbrella term for various criminal groups that attack websites with the aim of injecting them with “skimming” malware designed to steal the payment card information of visitors.
Magecart 5 is known for the 2018 Ticketmaster breach and other supply-chain attacks targeting e-commerce companies. By compromising one vendor’s code that is used by many other websites, Magecart 5 can target the customers of many web shops at the same time. According to Malwarebytes, “this kind of supply-chain attack, where thousands of stores are loading altered code, have a much higher return than individually targeting stores.”
An investigation of the domains used by Magecart 5 revealed links between this group and the Carbanak Gang (aka. Cobalt) that mainly targets financial institutions using its custom Carbanak backdoor as well as the Dridex banking Trojan. Figures released by Europol show that Carbanak has attacked banks in over 40 countries.
Read more: Magecart 5 Linked to Carbanak Gang