Between 9 and 20 May 2022, RiskIQ detected 198 Magecart- and skimmer-injected URLs and 98 unique C2 domains used by known Magecart threat actors. Note that many of these URLs belong to legitimate websites that have been compromised: consider the full URL, since the domain itself is not necessarily malicious. Likewise, some C2 domains may be legitimate domains that were compromised, which should be taken into account when establishing current maliciousness. See RiskIQ’s most recent reporting on Magecart in the references.
Fake reCAPTCHA forms dupe users via compromised WordPress sites
Threat actors have launched a campaign that starts with compromised WordPress sites and leads to fake reCAPTCHA sites.
Fortinet’s FortiGuard Labs captured a phishing campaign that was delivering three pieces of fileless malware onto a victim’s device. Once executed, they are able to steal sensitive information from that device.
SYK Crypter Distributing Malware Families Via Discord
As Discord’s popularity surges, a new SYK crypter is being used to deliver malware families via the community chat platform.
Ransomware Spotlight: RansomEXX
RansomEXX is a ransomware variant that gained notoriety after a spate of attacks in 2020 and continues to be active today. Trend Micro looks at RansomEXX’s tactics, techniques, and procedures.