RiskIQ: Magecart Injected URLs and C2 Domains, May 9-20, 2022

Between 9 and 20 May 2022, RiskIQ detected 198 Magecart and skimmer injected URLs and 98 unique C2 domains used by known Magecart threat actors. Note that many of these URLs belong to legitimate, compromised websites: the full URL should be considered, and the domain itself is not necessarily malicious. Also note that some C2 domains may be compromised, legitimate domains; keep this in mind when establishing current maliciousness. See RiskIQ’s most recent reporting on Magecart in the references.

Fake reCAPTCHA forms dupe users via compromised WordPress sites

Threat actors have launched a campaign that starts with compromised WordPress sites and leads to fake reCAPTCHA sites.

Phishing Campaign Delivering Three Fileless Malware: AveMariaRAT / BitRAT / PandoraHVNC – Part I | FortiGuard Labs 

Fortinet’s FortiGuard Labs captured a phishing campaign that was delivering three pieces of fileless malware onto a victim’s device. Once executed, they are able to steal sensitive information from that device.

SYK Crypter Distributing Malware Families Via Discord

As Discord’s popularity surges, a new SYK crypter is being used to deliver malware families via the community chat platform.

Ransomware Spotlight: RansomEXX

RansomEXX is a ransomware variant that gained notoriety after a spate of attacks in 2020 and continues to be active today. Trend Micro looks at RansomEXX’s tactics, techniques, and procedures.
