GorgonAgora fake .shop card-skimming campaign
Campaign
Summary
The GorgonAgora campaign is using 5,714 fake .shop storefronts to steal payment data, widening card-theft risk across brand-impersonation checkout pages. The operation has been active since August 2025 and routes stolen card data to a single skimmer server in Moldova. It impersonates major brands including Starbucks, Ford, Sony, Mattel, Hasbro, Lego, Disney, and Toyota.
Related Happenings
Magecart Stripe and Google Tag Manager card-skimming campaign
Campaign
First: 04.06.2026 23:47
Last: 04.06.2026 23:47
Sources 1
About this happening:
The **Magecart** campaign is abusing **Stripe's API infrastructure** and **Google Tag Manager** containers to steal checkout data from **Magento/Adobe Commerce** stores. The skimm...
Obfuscated web skimmer payload targeting Stripe checkout forms
Malware Activity
First: 13.01.2026 19:30
Last: 13.01.2026 19:30
Sources 1
About this happening:
**Silent Push** disclosed a **Magecart**-style **web skimming campaign** that has operated since **2022** and targets **e-commerce checkout pages** tied to at least **six major pa...
Major web skimming campaign targeting payment networks
Campaign
First: 13.01.2026 19:30
Last: 13.01.2026 19:30
Sources 1
About this happening:
A **long-running Magecart web-skimming campaign** has been active since **2022** and targets checkout flows tied to **American Express, Diners Club, Discover, JCB, Mastercard, and...
Holiday-season phishing and stolen e-commerce login surge ahead of Black Friday
Trend
First: 26.11.2025 06:29
Last: 26.11.2025 06:29
Sources 1
About this happening:
**Holiday-themed phishing** is intensifying against **e-commerce shoppers** ahead of **Black Friday** and **Christmas**, with defenders seeing **at least 750 malicious domains** r...
Timeline
- 05.06.2026 11:38 · 2 articles
Initial report: GorgonAgora fake .shop card-skimming campaign
Initial Disclosure: The first visible phase paired brand-impersonation storefronts with a shared checkout skimmer that funneled stolen card data to Moldova. The operation has continued since **August 2025** and expanded across thousands of storefronts.
Sources:
- Hackers Exploit Critical Everest Forms Pro WordPress Plugin Flaw to Take Over Sites — thehackernews.com — 05.06.2026 11:38