WTB: Slack Bug Allows Remote File Hijacking, Malware Injection

Weekly Threat Briefing: Slack Bug Allows Remote File Hijacking, Malware Injection

May 21, 2019 | Anomali Threat Research Team

The intelligence in this week’s iteration discusses the following threats: Data theft, Banking malware, Magecart, RCE, Threat group, Targeted attacks, Website compromise, and Vulnerabilities. The IOCs related to these stories are attached to the Community Threat Briefing and can be used to check your logs for potential malicious activity.

Observed Threats

This section includes the top threats observed from the Anomali Community user base as well as sensors deployed by Anomali Labs.

MageCart Timeline of Malicious Activity

MageCart is a particularly interesting threat group because of the sheer number of sites, approximately 100,000, that they have either compromised or successfully skimmed card credentials from since first being identified in 2015. According to RiskIQ, the name MageCart refers to multiple groups: it appears to be a collective term used to track payment information-stealing activity from at least 12 separate groups. Researchers also point out that Group 9 was interfering with Group 3’s skimmer by manipulating the last credit or debit card number, which appears to indicate that MageCart is indeed an umbrella term used to track malicious activity. It may be difficult for individuals to tell the groups apart because some of them use similar and common data-stealing methods; however, RiskIQ does describe, in its joint paper with Flashpoint, the methodology it uses to identify the different groups.
