According to security researchers, a new Magecart threat actor is using a browser script to evade detection and increase attack success as it seeks to steal credit card information. The threat group is stealing payment card information using a digital skimmer equipped with a unique method of avoiding virtual machines. Malwarebytes was the first to discover the new campaign, which creates an additional browser process that leverages the WebGL JavaScript API to check a user’s machine and ensure it is not running on a VM.
Magecart is an umbrella term used by security experts to identify all threat groups that seek to compromise e-commerce sites with card-skimming tactics embedded in checkout pages, ultimately hoping to steal customer payment and personal data. Because Magecart activity is highly familiar to security researchers, these groups are consistently creating new detection-evasion techniques.
Read More: Magecart Credit Card Skimmer Avoids VMs to Fly Under the Radar