MAGECART GROUP 12: toolser.pw skimmer

This PHP code injection is used to selectively inject the JavaScript skimmer that is loaded from toolser.pw (it had recently been using pathc.space).

wss://hotjar[.]info skimmer

A twist on the old ‘analytics code’ camouflage used by some skimmers to evade detection.

analiticsweb.site (zulhqmnr@netmail[.]tk) skimmer

A JavaScript skimmer that loads from analiticsweb[.]site/analytics.js; an opsec failure leads to the discovery of more malicious domains.

lolzilla Skimmer: PHP or JS?

The lolzilla skimmer analyzes a visitor’s HTTP request to determine whether it can capture the visitor’s payment data using a PHP skimmer or whether it should deploy a JavaScript skimmer onto the checkout page to capture the data.

PHP skimmer -> secure-authorize.net (malicious)

A PHP skimmer that exfiltrates the stolen payment data to a fake DLL file on the malicious domain secure-authorize.net.
Disclaimer: The research posted on this website is for information purposes only. Do not use it for illegal purposes.