A new skimmer variant has been detected, focusing on the highly muddy water-related to tracing groups involved in Magecart-based incidents. RiskIQ researchers say that the new Grelos skimmer has increasingly shown overlaps with Magecart groups and infrastructure. These malware and other skimmers are now hosted on domain architecture already used by multiple groups or connected on WHOIS records. They have known phishing campaigns, and crossovers are created by deploying other malware that can prove difficult to separate.
Magecart is the common term used to describe all data-stealing threat actors and campaigns specialized in stealing payment card data from websites.