Payment Card Skimmer Organization Targets E-Commerce Websites


09-Dec-2020

A cybercrime organization known for targeting e-commerce websites released a "multi-stage suspicious campaign" earlier this year, designed to distribute information stealers and JavaScript-based payment skimmers.

In a recent report, the Singapore-based cybersecurity firm Group-IB attributed the operation to the same group that has been linked to a separate attack aimed at online merchants, which used password-stealing malware to infect their websites with FakeSecurity JavaScript sniffers.

The campaign progressed in four waves, starting in February and ending in September, with the operators relying on specially crafted phishing pages and lure documents laced with malicious macros.

The ultimate aim of the attack, the researchers noted, was to steal payment and user information, using numerous attack vectors and tools to deliver the malware.

The fake web pages were created using the Mephistophilus phishing kit, which allows attackers to create and deploy phishing landing pages engineered for distributing malware.

Raccoon comes with a broad range of capabilities and communicates with a command-and-control (C2) server to siphon information that includes screenshots, credit card information, and cryptocurrency.

Raccoon avoids the blocking of active C2 servers by making a request to a Telegram channel ("blintick") in order to receive the coded address of the C2 server.
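The lookup described above leaves a trace defenders can hunt for in web proxy logs: a client fetches a Telegram channel page and then contacts a destination it has never used before. The following is an added example, not code from the article or from Group-IB; the log format, the Telegram host names and the 60-second correlation window are assumptions, and the log lines are constructed.

```python
from datetime import datetime, timedelta

TELEGRAM_HOSTS = {"t.me", "telegram.me"}  # assumption: Telegram web hosts to watch
WATCHLIST = {"blintick"}                  # channel name reported in the article
WINDOW = timedelta(seconds=60)            # assumption: max gap between lookup and C2 contact

# Constructed sample proxy log, one request per line: "timestamp client host path"
SAMPLE_LOG = """\
2020-09-01T10:00:00 10.0.0.5 shop.example /cart
2020-09-01T10:00:10 10.0.0.5 cdn.example /app.js
2020-09-01T10:01:00 10.0.0.7 shop.example /login
2020-09-01T10:02:00 10.0.0.7 t.me /blintick
2020-09-01T10:02:04 10.0.0.7 203.0.113.50 /gate
2020-09-01T10:03:00 10.0.0.5 t.me /news_channel
2020-09-01T10:09:00 10.0.0.5 new.example /index
"""

def parse(log):
    """Yield (timestamp, client, host, path) for each log line."""
    for line in log.strip().splitlines():
        ts, client, host, path = line.split()
        yield datetime.fromisoformat(ts), client, host.lower(), path

def find_dead_drop_lookups(log):
    """Flag watchlisted channel fetches, and first-seen hosts contacted soon after any channel fetch."""
    seen = {}     # client -> hosts it has already contacted
    pending = {}  # client -> (time, channel) of its latest Telegram channel fetch
    alerts = []
    for ts, client, host, path in parse(log):
        known = seen.setdefault(client, set())
        if host in TELEGRAM_HOSTS:
            channel = path.strip("/").split("/")[0].lower()
            if channel:
                pending[client] = (ts, channel)
                if channel in WATCHLIST:
                    alerts.append({"client": client, "channel": channel,
                                   "reason": "watchlisted channel", "next_host": None})
        elif client in pending and host not in known:
            t0, channel = pending.pop(client)
            if ts - t0 <= WINDOW:  # a new destination right after the lookup
                alerts.append({"client": client, "channel": channel,
                               "reason": "first-seen host after lookup", "next_host": host})
        known.add(host)
    return alerts

if __name__ == "__main__":
    for alert in find_dead_drop_lookups(SAMPLE_LOG):
        print(alert)
```

In production the first-seen baseline would come from weeks of history rather than a single log file, and ordinary Telegram use will need allow-listing.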

AveMaria RAT, likewise, is capable of ensuring persistence, recording keystrokes, injecting malicious code, and stealing sensitive files, among others.

The rental price for the Vidar stealer ranges from $250 to $300 per month, but the latter costs $200 a month to use.