Magecart Group 12: End of Life Magento Sites Infested with Ants and Cockroaches

New RiskIQ research identified Magecart's 'Ant and Cockroach' skimmer as a common denominator in the September attacks on Magento 1 and widely reported recent threat activity surfaced by RiskIQ, Malwarebytes, Sucuri, Sansec, and others.

Since August of 2019, the Ant and Cockroach skimmer is Magecart Group 12's most-used skimmer. However, until now, slight tweaks to the skimmer and innovative obfuscation techniques have kept parallels between many of the group's attacks hidden.

Coupling OSINT with RiskIQ data and analysis, RiskIQ created a throughline connecting Magecart activity once thought to be unrelated via Group 12's favorite tool and techniques. Download the report for a full breakdown of Magecart Group 12 and how its infrastructure was involved in Magecart attacks reported across the cybersecurity community.

The report includes:

  1. Detailed analysis of the Ant and Cockroach skimmer and its many variations, including how a cybersecurity practitioner can identify it in their environment
  2. An analysis of Group 12's obfuscation techniques, including the distinctive "radix" obfuscation
  3. Details of Magecart Group 12's recent activity, including how it ties into RiskIQ's past analysis of the group, and activity surfaced by Securi, Malwarebytes, and more

Download the Report