Malwarebytes announced in a Tuesday analysis that two malware domains of the newly discovered Magecart skimming campaign, “scanalytic[.]org” and “js.staticounter[.]net”, are part of a broader infrastructure used to carry out intrusions.
The earliest evidence of the campaign’s activity, based on the additional domains uncovered, suggests it dates back to at least May 2020.
Jérôme Segura, director of Threat Intelligence at Crunchbase, said: “We were able to connect these two domains with a previous campaign from November 2021 which was the first instance to our knowledge of a skimmer checking for the use of virtual machines.”
It is unclear whether Magecart is a single, centrally directed organization or simply unconnected groups that use the same method of attack.
In 2015, the attacks gained notoriety for singling out the Magento commerce platform. Since then, the syndicate has expanded to target WooCommerce, a notable WordPress plugin.
“Attackers follow the money, so it was only a matter of time before they shifted their focus toward the most popular e-commerce platform on the web,” Sucuri’s Ben Martin noted.