The gang Keeper, a group behind the hacking of 570 online stores


A group of hackers known as “Keeper” has been responsible for security breaches at more than 570 online e-commerce portals over the past three years. The gang gained access to the back-end of online stores, changed their source code, and inserted malicious scripts that recorded the payment card details buyers entered into checkout forms.

The cybersecurity community calls this type of attack “web skimming”, “e-skimming” or a “Magecart” intrusion, named after the first group of hackers who used these tactics. In a report published on Tuesday, the company Gemini Advisory said that this gang of cybercriminals has been in business since at least April 2017 and remains active today.

The company says it was able to spot the gang’s activities because the gang uses identical control panels on the back-end servers where it collects payment card information from hacked stores.

Loot estimated at $7 million

By using the fingerprints of this control panel, Gemini was able to track all of Keeper’s historical activities and identify the old control panels operated by Keeper members, the malicious URLs used to host the hacking infrastructure, and a list of hacked online stores where the gang inserted its malicious scripts.

As the company reports, 85% of the 570 hacked stores ran on the Magento e-commerce platform. Most of the stores were operated by small and medium-sized businesses, but Keeper has also hit big names: sites that attracted between 500,000 and 1,000,000 visitors per month. In addition, the Gemini Advisory team explained that during its investigation into the Keeper gang’s infrastructure, it discovered that one of the back-end panels, where the hackers were sending the payment card information collected from the online stores, was not properly secured.

“Based on the number of cards collected over a nine-month period, and taking into account the group’s operations since April 2017, Gemini estimates that it has probably collected nearly 700,000 compromised cards,” experts from Gemini said in their report, shared with the editorial staff of ZDNet. “Given the current median price on the dark web of $10 per compromised Card Not Present (CNP) card, this group likely generated more than $7 million US by stealing and selling compromised payment cards throughout its lifespan,” sums up the company.


