Skimming a Little Off the Top: ‘Meyhod’ Skimmer Hits Hair Loss Specialists

In October, RiskIQ discovered what we believe to be a new Magecart skimmer placed on several e-commerce sites, including websites for the well-known hair treatment company Bosely and the Chicago Architecture Center (CAC), one of Chicago's largest cultural organizations. The skimmer was or has been on both these sites for several months.

RiskIQ researchers have dubbed the skimmer used in these attacks "Meyhod," after a mistyped function in the skimming code. Meyhod itself is simple compared to the Magecart skimmers we've recently analyzed, such as the new variant of the Grelos skimmer and the Ant and Cockroach skimmer. However, Meyhod is carefully crafted to blend in with victim sites' appearance and functions, indicating experienced Magecart operators wield it.

The Meyhod skimmer works by appending code to seemingly benign JavaScript resources ranging from commonly used JavaScript libraries to custom code. These resources have been embedded in cart and checkout pages using script tags that could easily be mistaken for an ordinary call to a library.  

Article Link: https://www.riskiq.com/blog/labs/magecart-meyhod-skimmer/