Switching side jobs: Links between ATMZOW JS-sniffer and Hancitor

The hacker group ATMZOW and its JavaScript sniffer became known in 2020, thanks to Malwarebytes researchers, when the group installed a JS sniffer on a website that was collecting donations for victims of the Australian bushfires.

However, based on a specific obfuscation technique used by the group, we can trace its activities back to 2015, as the “Magento Guruincsite malware”. Moreover, one of the first domain names used by the group was created in 2016.

According to Group-IB Threat Intelligence data, ATMZOW has successfully infected at least 483 websites since the beginning of 2019, in the domain zones of Italy, Germany, France, the UK, Australia, India, Brazil and others.

Source: Group-IB