The group is using the More_eggs JScript backdoor to anchor its attack.
The financial cybergang FIN6, known for going after brick-and-mortar point-of-sale (PoS) data in the U.S. and Europe, has changed up its tactics to target e-commerce sites.
According to researchers at IBM X-Force Incident Response and Intelligence Services (IRIS), FIN6 (a.k.a. ITG08) has been spotted injecting malicious card-skimming code into online checkout pages of compromised websites. The code steals payment-card data as it’s entered into shopping-cart forms.
However, that’s only part of the story. To inject the code, FIN6 first gains access to a target environment to install a backdoor – before pivoting and stealing additional information from throughout the victim network.