Magento stores face a new skimming malware dubbed Kritec

March 31, 2023

A newly discovered Magecart skimming operation uses a skimming malware called Kritec. This new campaign utilises Google Tag Manager to obfuscate the malware. Researchers found the name of the latest malware in its operators’ previously used Cloudflare domain.

Researchers explained that the Kritec skimming malware exploits the GTM script to infect Magento stores. In some incidents, the affected stores carried several skimming malware strains, including Kritec.

The threat actors applied an obfuscation technique that heavily hides the Kritec skimmer code. Analysts said the tool is obfuscator[.]io, which includes Base64 encoding to disguise the malware's identity.

Once the malware executes successfully on the targeted website, the threat actors send the stolen data via a WebSocket skimmer and a POST request.

The Kritec infection campaign that uses Google Tag Manager could worsen soon.

According to investigations, web skimmers like Kritec have been prevalent for several months. GTM has paved the way for many threat groups to deploy their attacks.

Earlier this year, a liquor store in Canada became a victim of a web-skimming campaign that allowed the threat actors to steal customers’ credit card information during checkout. The researchers discovered that the web skimmer is an inline script disguised as an authentic Google Analytics tag.

In addition, researchers exposed three significant strains of compromised skimmers inside the GTM containers last year. The attackers used the skimmers to harvest troves of payment card data and the personal information of customers who use e-commerce websites.

A cybercriminal campaign last year compromised more than 300 online stores and stole 80,000 users' data. The adversary secretly used GTM to drop their skimming code on the owners’ sites.

Cybersecurity experts noted that Magecart skimming attacks have evolved and become more sophisticated. The exploitation of Google Analytics Tags to obfuscate the skimmers has become the primary weapon of attackers.

E-commerce site owners and admins should know the IOCs for these skimming attacks, especially for this fast-emerging Kritec malware.
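As a starting point for that kind of check, here is an added example (not from the original article or the researchers it cites): a Python audit that reports GTM container IDs on a page that are not on the store's allowlist, and flags inline scripts showing the traits described above. The container IDs, the sample page and the trait patterns are constructed assumptions.

```python
import re
from html.parser import HTMLParser
# Assumption: the store's own container IDs; this value is a constructed placeholder.
ALLOWED_GTM = {"GTM-AAAA111"}
GTM_ID = re.compile(r"\bGTM-[A-Z0-9]{4,}\b")
# Heuristic patterns for the traits the article names; a hit is a lead, not proof.
TRAITS = {
    "obfuscator-style identifiers": re.compile(r"\b_0x[0-9a-f]{4,}\b"),
    "Base64 decoding": re.compile(r"\batob\s*\("),
    "WebSocket channel": re.compile(r"\bnew\s+WebSocket\s*\(|\bwss?://"),
}
# Constructed sample page: the store's container, an unknown container, an odd inline script.
SAMPLE = """<html><head>
<script async src="https://www.googletagmanager.com/gtm.js?id=GTM-AAAA111"></script>
<script>(function(w,l,i){w[l]=w[l]||[];})(window,'dataLayer','GTM-ZZZZ999');</script>
<script>var _0x3fa1=['ZXhhbXBsZQ=='];var s=new WebSocket('wss://example.invalid/');atob(_0x3fa1[0]);</script>
</head></html>"""

class ScriptCollector(HTMLParser):  # collects (src, body) per <script>, in page order
    def __init__(self):
        super().__init__()
        self.scripts, self._src, self._buf = [], "", None
    def handle_starttag(self, tag, attrs):
        if tag == "script":
            self._src, self._buf = dict(attrs).get("src") or "", []
    def handle_data(self, data):
        if self._buf is not None:
            self._buf.append(data)
    def handle_endtag(self, tag):
        if tag == "script" and self._buf is not None:
            self.scripts.append((self._src, "".join(self._buf)))
            self._buf = None

def audit_page(html, allowed=ALLOWED_GTM):
    """Return one finding per unknown GTM container or suspicious inline script."""
    parser = ScriptCollector()
    parser.feed(html)
    parser.close()
    findings = []
    for i, (src, body) in enumerate(parser.scripts):
        for gtm in GTM_ID.findall(src + " " + body):
            if gtm not in allowed:
                findings.append(f"script #{i}: unknown GTM container {gtm}")
        hits = [name for name, rx in TRAITS.items() if rx.search(body)]
        if hits:
            findings.append(f"script #{i}: " + ", ".join(hits))
    return findings
if __name__ == "__main__":
    print("\n".join(audit_page(SAMPLE)))
```

Run it against the rendered checkout page rather than the template source, since tags loaded through GTM appear only after the container executes.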
