As per reports, a hacker group has broken into at least 570 e-commerce stores in 55 countries, including India in the last three years, that has leaked information on more than 184,000 stolen credit cards and has generated more than $7 million from selling compromised payment cards.
Popularly knows as ‘Keeper’, this group has been stealing information from such online stores that include Mumbai-based online jewellery store ejohri.com which was allegedly hacked and compromised this year. According to Gemini threat intelligence firm, more than 85% of the victim sites had operated on Magento CMS, which is known to be the top target for Magecart attacks and it also boasts more than 250,000 users worldwide.
Most of these e-commerce victim sites were from the US, which was followed by the UK and the Netherlands. Some of the hacked ones by these websites are online bicycle merchant milkwayshop.it, Pakistan-based clothing alkaramstudio.com, Indonesia-based Apple product reseller ibox.co.id, and US-based premier wine and spirits seller cwspirits.com, along with the others.
Also, it’s learnt that there have been compromises by the Keeper ‘Megacart’ group with hundreds of domains and they also likely had extracted payment card information from many more that are yet to be uncovered. The report said that with the revenue that is likely to exceed $7 million have increased cybercriminal interest in CNP (Card Not Present) data during the COVID-19 quarantine measures across the world, and also that this group’s market niche appears to be secure and profitable.
Also, it’s highly likely that Keeper would be continuing to launch increasingly sophisticated attacks against online merchants all across the world. This detail was first uncovered by Gemini, where they identified an unsecured access log on Keeper control panel with around 184,000 compromised cards with timestamps that ranged from July 2018 to April 2019.
The report further said that extrapolating the number of cards per nine months to Keeper’s overall lifespan, and also given the dark web median price of $10 per compromised Card Not Present (CNP), this group has probably generated upwards of $7 million USD from selling compromised payment cards.
The further analysis states that in mid-2020, Megacart attacks have become almost a daily occurrence to small medium-sized e-commerce companies. One of the major concerns is that of operating on an outdated content management system (CMS), utilising unpatched add ons, and also having administrators’ credentials that get compromised through sequel injections that leaves e-commerce merchants vulnerable to a variety of attack vector.
There have been thousands of Magecart attacks (ranging from simple to dynamic injection of malicious code using a criminally hosted domain) stretching to leveraging Google Cloud or GitHub storage devices and also using steganography for embedding malicious payment card-stealing code into an active domain’s logos and images have been uncovered by the Gemini team.