In the last three months of the previous year, a spike in MageCart attacks was seen. The most infamous of them was the attack on British Airways, where nearly 400,000 individuals became victims of a piece of code 22 lines long. The attack occurred between 7 and 15 October, when hackers injected the malicious code into the company's online checkout web page. Now, Indonesian police have arrested three individuals accused of being members of the MageCart gang.
MageCart hackers target shopping cart applications found on eCommerce websites. They use malicious code to skim card details entered by customers; this process is called web skimming or eSkimming. The hackers can then use the cards for any purpose. Typically, they sell them on the darknet. To inject malicious code into the cart, they compromise the target eCommerce site or target third-party applications.
In a combined effort by Interpol and Indonesian police, three individuals accused of MageCart attacks were arrested on December 20, 2019. The public was informed of this through a press conference at the end of January 2020. In the press conference, the individuals were identified by their initials: ANF (27 years old), K (35 years old), and N (23 years old). They were from Jakarta and Yogyakarta.
According to Indonesian authorities, the MageCart attacks targeted twelve eCommerce websites, most of which are European. However, researchers from Sanguine Security have attributed 571 different instances to the gang based on an odd phrase, “Success gan !”, used by the gang. This phrase translates to “Success bro !” in English. The phrase has been present in all the attacks attributed to the gang. The gang has registered several domains since 2017, often with suggestive names that hint at their whereabouts and intentions.
On the Radar
The accused used a VPN to hide their location and identity. They used this VPN to retrieve the stolen card data from command and control servers. The accused also used the stolen card details to pay for web hosting services in an attempt to hide their identities. Despite their attempts, the researchers somehow managed to track the command and control servers to locations in Indonesia. This information was used for the arrest. Hopefully, other members of the gang will also be arrested in the coming month.
The security firm provided the following guidance for preventing financial loss as a result of such an attack:
“To avoid big financial losses due to JS-sniffers, it’s recommended for online users to have a separate pre-paid card for online payments, set spending limits on cards, used for online shopping, or even use a separate bank account exclusively for online purchases. Online merchants, in their turn, need to keep their software updated and carry out regular cybersecurity assessments of their websites.”