
A hacker group called "Keeper" has broken into at least 570 e-commerce stores in around 55 countries in the last three years.

  • The Keeper Magecart Group broke into 570 online stores across the world.
  • According to Gemini, the Keeper gang has collected close to 700,000 compromised cards.
  • Gemini said that almost 85% of the 570 hacked stores ran on the Magento e-commerce platform. Magento, which has more than 250,000 users worldwide, is one of the top targets for Magecart attacks.

The Keeper group operates an interconnected network of 64 attacker domains and 73 exfiltration domains. It has been operating since April 2017 and remains active today.

Once the Keeper gang gets into an online store's backend, they alter the source code and insert malicious scripts that log the payment card details shoppers enter in checkout forms.

Gemini named the group "Keeper" based on its repeated use of a single domain, fileskeeper[.]org, to inject malicious payment card-stealing JavaScript (JS) into the websites' HTML code and receive the compromised card data.
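A store operator can check for this kind of injection by auditing which hosts a checkout page loads scripts from. The following is an added example, not code from Gemini or from the original article; the allowlist, the `shop.example` hosts and the sample page are constructed assumptions, and only fileskeeper[.]org comes from the text.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

# Domain named in the article (defanged there as fileskeeper[.]org).
KNOWN_SKIMMER_DOMAINS = {"fileskeeper.org"}

class ScriptSrcCollector(HTMLParser):
    """Collects the src attribute of every <script> tag."""
    def __init__(self):
        super().__init__()
        self.sources = []

    def handle_starttag(self, tag, attrs):
        if tag == "script":
            src = dict(attrs).get("src")
            if src:
                self.sources.append(src.strip())

def _matches(host, domains):
    """True if host equals, or is a subdomain of, any listed domain."""
    return any(host == d or host.endswith("." + d) for d in domains)

def audit_checkout_scripts(html, page_host, allowed_domains):
    """Return (src, verdict) for each script source on the page."""
    collector = ScriptSrcCollector()
    collector.feed(html)
    findings = []
    for src in collector.sources:
        # Relative sources have no hostname, so they resolve to the page host;
        # urlparse also handles protocol-relative (//host/x.js) sources.
        host = (urlparse(src).hostname or page_host).lower()
        if _matches(host, KNOWN_SKIMMER_DOMAINS):
            verdict = "known-skimmer"
        elif host == page_host or _matches(host, allowed_domains):
            verdict = "allowed"
        else:
            verdict = "unexpected"
        findings.append((src, verdict))
    return findings

# Constructed sample page: every host except fileskeeper.org, and every
# path, is a placeholder made up for this example.
SAMPLE_HTML = """
<html><body><form id="checkout"><input name="cc_number"></form>
<script src="/static/checkout.js"></script>
<script src="https://cdn.payments.example/sdk.js"></script>
<script src="//fileskeeper.org/assets/jquery.min.js"></script>
<script src="https://stats.unknown.example/t.js"></script>
</body></html>
"""

if __name__ == "__main__":
    for src, verdict in audit_checkout_scripts(
            SAMPLE_HTML, "shop.example", {"payments.example"}):
        print(f"{verdict:14} {src}")
```

This only inspects `<script src>` tags in the served HTML; scripts added at runtime or inlined into existing files need a browser-side control such as a Content-Security-Policy or file-integrity monitoring on the store's backend.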

Researchers explain that Keeper exfiltration and attacker domains use similar login panels and are all linked to the same dedicated server.

The hacked websites include online bicycle merchant milkywayshop.it, Indonesian Apple product reseller inbox.co.id, Pakistani clothing store alkaramstudio.com and US-based premier wine and spirits seller cwspirits.com.

According to Gemini Advisory, Mumbai-based online jewellery store ejohri.com was also allegedly compromised in February this year.

The Keeper gang has compromised hundreds of domains and extracted payment card information from many more. It is likely to keep improving its techniques and to launch increasingly complicated attacks against online traders across the world.

"Extrapolating the number of cards per nine months to Keeper's overall lifespan, and given the dark-web median price of $10 per compromised card-not-present (CNP) card, this group has likely generated upwards of $7 million from selling compromised payment cards," according to new research from Gemini Advisory on Tuesday.

These victims may have been "operating on an outdated content management system (CMS), utilizing unpatched add-ons, or having administrators' credentials compromised through sequel injections," said researchers.

Researchers say that in mid-2020, Magecart attacks have become a daily occurrence for small to medium-sized e-commerce businesses. The security researchers said the criminals behind this threat continuously evolve and enhance their techniques to prey on unsuspecting victims who do not emphasize domain security.
