No Cookies for CartThief, a New Magecart Variant

[silversurfer]

A new variant of the Magecart attacks has been targeting smaller e-commerce operations, according to The Media Trust’s digital security and operations (DSO) team.
Researchers found a new type of malware that targets payment pages on legitimate Magento-hosted retail sites. Dubbed CartThief, the malware’s behavior is similar to that of the current iteration of the Magecart malware.

As soon as credit card information is entered into a checkout page and a payment is submitted, the malware collects, encrypts and sends personally identifiable (PII) and financial information to the malicious actors’ command-and-control server.
What sets this malware apart is the method used to encode or obfuscate the malicious domain and the PII data collection activity. To avoid arousing suspicion and sneak past many blocking technologies, there are no user-identifying cookies or source codes to set off alarms for users. The absence of cookies is one feature that differentiates CartThief from other Magecart variants.

Source: https://www.infosecurity-magazine.com/ne...ief-a-new/