Magento-analytics[.]com is registered in Panama, but recently shifted to the US, Russia, and then finally China. This prompted the team to check out what the domain's purpose was, and they found a range of JS scripts used to skim financial data.
The scripts themselves are similar and appear to be simple, containing little more than a timer, TrySend functions to fetch credit card information, and a SendData call for reporting the data to the operator's command-and-control (C2) server.
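A defender can check storefront pages for the traits described above. The following is an added detection example, not code from the researchers or the original article; it flags scripts loaded from the named domain and inline scripts that combine a timer with `TrySend` and `SendData`. The `scan_page` helper, the timer pattern, and the sample pages are assumptions constructed for illustration, and the name matching is a heuristic that renamed functions would evade.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Domain named in the article (written defanged there).
SKIMMER_HOSTS = {"magento-analytics.com"}
# Traits the article lists: a timer, TrySend, and a SendData call.
# The timer regex is an assumption about how the timer is set up.
MARKERS = {
    "timer": re.compile(r"\bset(?:Interval|Timeout)\s*\("),
    "TrySend": re.compile(r"\bTrySend\b"),
    "SendData": re.compile(r"\bSendData\b"),
}

class ScriptCollector(HTMLParser):
    """Collects external script hosts and inline script bodies."""
    def __init__(self):
        super().__init__()
        self.hosts, self.inline, self._in_script = [], [], False

    def handle_starttag(self, tag, attrs):
        if tag == "script":
            self._in_script = True
            self.inline.append("")
            host = urlparse(dict(attrs).get("src") or "").hostname
            if host:
                self.hosts.append(host)

    def handle_endtag(self, tag):
        if tag == "script":
            self._in_script = False

    def handle_data(self, data):
        if self._in_script:
            self.inline[-1] += data

def scan_page(html):
    """Return (kind, detail) findings for one HTML document."""
    c = ScriptCollector()
    c.feed(html)
    c.close()
    findings = [("known-host", h) for h in c.hosts
                if any(h == d or h.endswith("." + d) for d in SKIMMER_HOSTS)]
    for body in c.inline:
        hits = sorted(n for n, rx in MARKERS.items() if rx.search(body))
        if len(hits) == len(MARKERS):  # all three traits in one script
            findings.append(("skimmer-shape", ",".join(hits)))
    return findings

# Constructed sample pages; the inline script is an inert stub.
INFECTED = '<script src="https://cdn.magento-analytics.com/example.js"></script>'
INLINE = '<script>function SendData(d){} function TrySend(){SendData({})} setInterval(TrySend, 500);</script>'
CLEAN = '<script src="/static/app.js"></script><script>setTimeout(function(){}, 10);</script>'
```
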
The campaign is reminiscent of Magecart, a well-known cybercriminal group which has been connected to credit card skimming attacks against high-profile targets including British Airways, TicketMaster, and OXO International.
Last week, Trend Micro said the hacking group had managed to implant credit card-stealing malware in 201 online stores linked to 176 colleges and universities in the US, as well as 21 academic institutions in Canada.