Nearly 600 Online Retailers Hit with Credit Card Stealing Malware - Protect Yourself Now

Nearly 600 Online Retailers Hit with Credit Card Stealing Malware - Protect Yourself Now

A new group of cybercriminal credit card thieves has targeted more than 570 online retail websites (some of them quite well-known) over a three-year period and made millions of dollars.

According to security firm Gemini, the "Keeper" Magecart group has made about $7 million by selling details of perhaps 700,000 stolen credit cards on the dark web and has been active in 55 countries since April 2017.

With the rapid growth of the e-commerce industry, Magecart attacks, also known as digital skimming attacks, are becoming more common.

These attacks occur when cybercriminals inject malicious code into the source code of a retail website to record a customer's credit card information as it is entered.

The name Magecart comes from one of the first groups to use this technique to steal large numbers of credit cards from websites. That group targeted websites running Magento, an open source e-commerce framework with about 250,000 users worldwide, and has since become a common term.

According to security researchers at Gemini, the Keeper group consists of "an interconnected network of 64 attacker domains and 73 exfiltration domains," all of which "use the same login panel and are linked to the same dedicated server."

They are "all linked to the same dedicated server using the same login panel.

They found that the servers "host both malicious payloads and leaked data stolen from victims' sites."

The majority (85%) of the sites compromised by the hackers used Magneto's e-commerce platform and were based primarily in the United States, United Kingdom, and the Netherlands. A number of sites were also based in Australia and France.

A complete list of the compromised websites can be found on Gemini's website. Few of them are from internationally known companies, but they include well-known British brand The Body Shop, the Canadian site of U.S. apparel brand Columbia Sportswear, British sportswear retailer Umbro, U.S. country singer Alan Jackson's official website, the official AP Stylebook website used by most U.S. journalists, and a British equestrian fashion site with the striking name "Horses with Attitude."

To prevent your credit card from being compromised while shopping online, you may want to look into services that provide a one-time card number for individual purchases.

It also helps to run the best anti-virus program on your PC or Mac.

In general, credit card statements should also be checked at least once a month and any anomalies should be reported to the card issuer immediately. At least in the U.S., it is rare for a credit card holder to be left with a bill if someone else has misused the card.

Gemini claims that the perpetrators kept details of 184,000 compromised credit cards, with time stamp dates ranging from July 2018 to April 2019.

"Based on the number of cards provided that were collected during the nine-month window and considering the group's operations since April 2017, we estimate that Gemini likely collected nearly 700,000 compromised cards," the report states.

By selling these compromised cards on the dark web, the crooks have likely made huge sums of money over the past several years.

Gemini says: "Extrapolating the number of cards per nine months to the overall lifetime of Keeper, and considering the dark web median of US$10 per compromised CNP (Card Not Present) card, this group has probably generated more than US$7 million."

The group has also been able to generate more than US$1.5 million from the sale of compromised payment cards.

However, the actual numbers could be significantly different because stolen credit card information is often sold at bulk discounts.

Since breaching its first e-commerce store in 2017, Keeper Group has "continuously improved its technological sophistication and scale of operations," Gemini said.

"Based on this pattern of successful Magecart attacks, Gemini assesses with high confidence that Keeper is likely to continue launching increasingly sophisticated attacks against online merchants worldwide," the report added.

.

Categories