The various Magecart groups that RiskIQ has uncovered have been responsible for skimming credit card data from numerous sites, the most recent being the blender manufacturer NutriBullet.
The new group was discovered on 24 January, RiskIQ researchers Jordan Herman and Mia Ihm said in a blog post in which they provided technical details about how the group operates.
Since then, they said they had found different versions of the skimmer, ranging from what appeared to be development versions to more advanced ones that used encrypted obfuscation.
"In some cases, we’ve seen MakeFrame using compromised sites for all three of its functions—hosting the skimming code itself, loading the skimmer on other compromised websites, and exfiltrating the stolen data," they said.
"There are several elements of the MakeFrame skimmer that are familiar to us, but it’s this technique in particular that reminds us of Magecart Group 7."
In October last year, RiskIQ issued a study of 2,086,529 attacks, saying it had detected 18,000 hosts that were directly breached.
"This latest skimmer from Group 7 is an illustration of their continued evolution, honing tried and true techniques and developing new ones all the time," Herman and Ihm said.
"They are not alone in their endeavours to improve, persist, and expand their reach. RiskIQ data shows Magecart attacks have grown 20% amid the COVID-19 pandemic.
"With many homebound people forced to purchase what they need online, the digital skimming threat to e-commerce is as pronounced as ever.
"As we saw in the attacks on NutriBullet and other victims, there are a variety of ways to attack the functionality of a website. Operatives with the right know-how and enough time will find them."