Magecart malware dropper leaks list of targeted stores
Threat actors used dropper to deploy RAT (remote access trojan) on a compromised store websites, that are used to regain access to the online servers. After connecting to the stores, attackers deploy credit card skimmer scripts that steal customers' personal data in digital skimming attacks (also known as Magecart). Unnamed trojan used by the attackers disguised itself as a DNS or an SSH server daemon so that it doesn't stand out in the server's process list. However, hackers made a mistake and inclded a list of hacked online stores within their dropper's code. Read more...