New malware is targeting E-commerce platforms in U.S., Germany, and France. The malware attacks the Nginx servers to conceal its identity and go undetected by security solutions.

“This novel code injects itself into a host Nginx application and is nearly invisible,” the Sansec Threat Research team said in a new report. “The parasite is used to steal data from eCommerce servers, also known as ‘server-side Magecart.'”

Ngnix, a free and open-source software, is a web server that can be used for reverse proxy, load balancer, mail proxy, and HTTP cache. NginRAT, the advanced malware, hijacks a host Nginx application to plant itself into the webserver.

CronRAT is used for delivering the remote access trojan. CronRAT is another malware reported by a Dutch cybersecurity firm, which embeds itself in malicious payloads in cron jobs.

Magecart or web skimming, the name for attacks together, is used by a cybercrime syndicate, and the syndicate comprises dozens of subgroups that are involved in digital credit card theft by exploiting software vulnerabilities to gain access to an online portal’s source code and insert malicious JavaScript code that siphons the data shoppers enter into checkout pages.

Skimmer groups are growing rapidly and targeting various e-commerce platforms using a variety of ways to remain undetected,” Zscaler researchers noted in an analysis of the latest Magecart trends published earlier this year.

“The latest techniques include compromising vulnerable versions of e-commerce platforms, hosting skimmer scripts on CDNs and cloud services, and using newly registered domains (NRDs) lexically close to any legitimate web service or specific e-commerce store to host malicious skimmer scripts.”