MageCart Hacker Groups Began to Fight Each Other

Two well-known information security specialists, Willem de Groot and Jérôme Segura of Malwarebytes, have both found that competition among MageCart attackers is intensifying.
Last week, analysts from RiskIQ and Flashpoint presented a joint report on MageCart attacks, in which they described the groups that use these methods and their tactics. The experts stressed that the MageCart name has recently come to cover many hacker groups, and they listed seven of the most active and visible ones.
Now Segura and de Groot have found that a struggle for a “place in the sun” has begun among the MageCart hackers. In the terminology of the RiskIQ experts, who assigned sequence numbers to the groups, Group 9, which appeared on the scene recently, is actively interfering with its competitors, in particular with the activities of Group 3, which attacks websites and payment systems in South American countries.
Experts say that Group 9 has added special code to its “skimmer” that searches for domains related to competitors’ operations. When such domains are discovered, the Group 9 malware does not just interfere with competitors’ scripts but takes a more sophisticated approach and corrupts the data that Group 3 collects: the Group 9 skimmer intercepts the data and replaces the last digit of the card number with a randomly generated one.
Segura suggests that in this way the members of Group 9 want not only to hinder a competitor's work but also to damage Group 3's reputation. Stolen bank card numbers are put up for sale on the black market, and Group 3 apparently did not suspect that part of its “product” was corrupted and that it was selling invalid data. “Over time, buyers will realize that they bought non-performing bank cards, after which they will no longer trust this seller,” Segura writes.
So far, experts have found the “skimmers” of Groups 9 and 3 on the site of the sports store Umbro Brazil, as well as on the cosmetics site Bliv[.]com.
Experts believe the situation will only get worse: web skimming has already gained considerable popularity in criminal circles, and the clash between Groups 9 and 3 suggests that competition in this area will only become tougher, because various skimming “kits” are already available to everyone, whatever their level of training.