Meyhod Skimmer Description
Infosec researchers have detected a new Magecart-type attack. The deployed threat was named Meyhod Skimmer and was discovered lurking on multiple e-commerce websites. Among the victims are Bsley, a popular company for hair-treatment products, and the Chicago Architecture Center (CAC), one of the biggest cultural organizations in that city. Not only was the Meyhod Skimmer embedded into the affected websites successfully, but it managed to remain there for multiple months without being detected.
Analysis revealed that the Meyhod Skimmer is not nearly as complex as some of the other recent Magecart threats, such as the latest Grelos skimmer variants or the Ant and Cockroach skimmer. Being relatively simplistic is not a detriment, in this case, as the hackers responsible for unleashing Meyhod had plenty of experience in this type of operation, obviously. They crafted the threat meticulously to make it extremely efficient in blending in with the victim's website environment. In fact, infosec researchers observed that each infected website contained a Meyhoid Skimmer threat that displayed slight variations in its code, indicating that the cybercriminals took the time to customize their malware tool for the specific target.
The Meyhod Skimmer shows that the landscape of Magecart-style attacks is still evolving, with cybercriminals adopting different techniques radically. The end goal has remained the same, though - breaching sensitive payment information by compromising e-commerce websites.
Meyhod points to the ever-evolving and expanding Magecart landscape encompassing theft of payment information via compromised e-commerce websites.