25 Sep, Sunday
20° C

Card Skimmer Group Using Raccoon Info-Stealer Siphon Data

A cybercrime group known for targeting e-commerce websites unleashed a “multi-stage malicious campaign” earlier this year designed with an intent to distribute information stealers and JavaScript-based payment skimmers.

In a new report published today and shared with The Hacker News, Singapore-based cybersecurity firm Group-IB attributed the operation to the same group that’s been linked to a separate attack aimed at online merchants using password-stealing malware to infect their websites with FakeSecurity JavaScript-sniffers (JS-sniffers).

The campaign progressed in four waves, starting in February and ending in September, with the operators relying on specially-crafted phishing pages and lure documents laced with malicious macros to download Vidar and Raccoon information stealers onto victim systems.

The ultimate goal of the attack, the researchers noted, was to steal payment and user data via several attack vectors and tools to deliver the malware.

The fake web pages were created using the Mephistophilus phishing kit, which allows attackers to create and deploy phishing landing pages engineered for distributing malware.

“Attackers sent links to fake pages that informed victims about a missing plugin required to display the document correctly,” Group-IB researchers explained in an analysis of the cybercrime group’s tactics last November. “If a user downloaded the plugin, their computer was infected with the password-stealing malware.”

Read more at Source – The Hacker News

Post a Comment