restore-metamask.com Used to Steal Entire Crypto Wallets

restore-metamask.com Used to Steal Entire Crypto Wallets
The malicious domain restore-metamask.com was used to steal existing crypto wallets of metamask.io users. It also allowed new wallets to be created and cryptocurrencies deposited to the new wallet, but it would ultimately go to the attackers.
Read more →

wss://hotjar[.]info skimmer

wss://hotjar[.]info skimmer
A twist on the old ‘analytics code’ camouflage used by some skimmers to evade detection.
Read more →

analiticsweb.site (zulhqmnr@netmail[.]tk) skimmer

analiticsweb.site (zulhqmnr@netmail[.]tk) skimmer
A JavaScript skimmer that loads from analiticsweb[.]site/analytics.js - and opsec failure leads to discovery of more malicious domains.
Read more →

lolzilla Skimmer: PHP or JS?

lolzilla Skimmer: PHP or JS?
lolzilla skimmer analyzes a visitor’s HTTP request to determine whether it can capture the visitor’s payment data using a PHP skimmer or if it should deploy a JavaScript skimmer onto the checkout page to capture the data.
Read more →

_try_action Skimmer Sends Stolen Data To cdn-frontend.com

_try_action Skimmer Sends Stolen Data To cdn-frontend.com
_try_action is a JavaScript skimmer and exfiltrates the stolen payment data to fake PNG image file at cdn-frontend.com/stat/pix.png
Read more →
Disclaimer: The research posted on this website is for information purposes only. Do not use it for illegal purposes.