The attackers acquired the domain tracker.web-cockpit[.]jp, which belonged to a free web marketing and analytics service that was discontinued in December 2014.
The original JavaScript library was called Cockpit and it was replaced with a malicious web skimming script. Jscrambler researchers told Help Net Security that the attackers made no attempt to make it look like the original script or disguise it in any other way.
The old Cockpit script was loaded by another script placed on e-commerce websites. Depending on the referrer header value, which indentifies the webpage from where it is fetched, the domain would serve either no script, a default skimmer, or a specific skimmer.
The default skimmer would run on the ...
read more
The original JavaScript library was called Cockpit and it was replaced with a malicious web skimming script. Jscrambler researchers told Help Net Security that the attackers made no attempt to make it look like the original script or disguise it in any other way.
The old Cockpit script was loaded by another script placed on e-commerce websites. Depending on the referrer header value, which indentifies the webpage from where it is fetched, the domain would serve either no script, a default skimmer, or a specific skimmer.
The default skimmer would run on the ...
read more