Just as seasonal online shopping kicks into high gear, new variants of the point-of-sale Grelos skimmer malware have been identified. Variants are targeting the payment-card data of online retail shoppers on dozens of compromised websites, researchers warn. The Grelos skimmer malware has been around since 2015, and its original version is associated with what are called Groups 1 and 2 under the prolific Magecart umbrella of loosely organized cybercriminals. However, over time new actors began to co-opt the Grelos skimmer and reuse some of the original domains used to host the malware. This has accumulated into what researchers say is a unique overlap in infrastructure for the most recent variants of the skimmer between Grelos and Magecart. In a new analysis, researchers said that a cookie found on a compromised website led to the discovery of Grelos – and they were then able to find links between new variants because they had matching infrastructure and identical records on the WHOIS query and response protocol (widely used for querying databases). “Recently, a unique cookie allowed RiskIQ researchers to connect a recent variant of this skimmer to an even newer version that uses a fake payment form to steal payment data from victims,” said researchers with RiskIQ in an analysis this week. “Domains related to this cookie have compromised dozens of sites so far.” The Skimmer Variant The new variants of the skimmer first appeared when researcher Affable Kraut documented it…
0 0 govanguard https://govanguard.com/wp-content/uploads/2018/04/Header_Logo.png govanguard2020-11-20 12:23:002020-11-20 12:23:00New Grelos Skimmer Variants Siphon Credit Card Data
Our Standard Office Hours
Monday – Friday: 8:00AM – 5:00PM EDT
Saturday – Sunday: Closed
Where to Find Us
Data Privacy Notice
- – All product names, logos, and brands are property of their respective owners.
- – The use of these names, logos, and brands is for identification purposes only and does not imply endorsement.
- – Content syndication and aggregation of public information is solely for the purpose of identifying information security trends, all syndicated content contains source links to the content creator website. All content is owned by it’s respective content creators.
- – If you are an owner of some content and want it to be removed, please email firstname.lastname@example.org