Quote:Researchers have observed a new skimmer from the prolific Magecart Group that has been actively harvesting payment-card data from 19 different victim websites, mainly belonging to small- and medium-sized businesses (SMBs), for several months.
RiskIQ researchers first discovered the skimmer, dubbed MakeFrame for its use of iframes to skim data, on Jan. 24. Since then, they’ve captured several different versions of the skimmer with “various levels of obfuscation,” researchers Jordan Herman and Mia Ihm wrote in a blog post published Thursday.
The versions range from from development versions in clear code to finalized versions using encrypted obfuscation, they wrote.
“This version of the skimmer is the classic Magecart blob of hex-encoded terms and obfuscated code,” Herman and Ihn wrote. “It is nestled in amongst benign code to blend in and avoid detection.”
MakeFrame also leeches off the compromised site for its functionality, a technique that in particular alerted researchers that MakeFrame is most likely the work of Magecart Group 7. And, targeting SMB sites, as MakeFrame does, also is indicative of Magecart Group 7 activity, researchers said.
“In some cases, we’ve seen MakeFrame using compromised sites for all three of its functions — hosting the skimming code itself, loading the skimmer on other compromised websites and exfiltrating the stolen data,” Herman and Ihm wrote.
Read more: https://threatpost.com/emerging-makefram...bs/154374/
![[-]](https://www.geeks.fyi/images/collapse.png)
