Magecart: The Gang that Terrorized eCommerce, Mobile Payments

November 13, 2018 | By: Steven Anderson

If there were a public enemies list for ecommerce—as far as we can tell from word sent our way from RiskIQ—it would be Magecart. If the name doesn’t sound familiar to you, it’s a group of at least seven different cybercriminal conclaves that applied digital credit card skimmers to various ecommerce sites, rendering them into identity theft machines. RiskIQ dropped word our way about what the Magecart group is, and what can potentially be done about them.

Taking on Magecart, according to the RiskIQ study, will be difficult, to say the least, because there are so many separate subgroups that work with a variety of different methods. In fact, RiskIQ actually broke down the leading six groups into five different sets based on what tactics they favor. For instance, groups one and two occupy the same space, as they tend to use automated tools to attack sites and put their systems in play.

RiskIQ even goes on to say that it’s been working with Flashpoint to address this problem directly, but admits that the “sheer scale of victims affected by Magecart” made it impossible to notify everyone involved. Thus, RiskIQ “…focused on taking on Magecart at its source by taking down its infrastructure with the help of AbuseCH and ShadowServer.” RiskIQ even issued a statement near the end of its report, calling on the entire industry—including anyone who runs into a Magecart attack—to contact RiskIQ directly and pass word on.

As for how to take on the threat of the widely dispersed Magecart operation, RiskIQ recommended “good security practices” as a general response, along with conducting “additional integrity checking” down to the server level to check for anomalies. Regular shoppers, meanwhile, have almost certainly been compromised, and should carry out their own analyses routinely.

This likely doesn’t bring much comfort to the online shoppers out there, especially going into the Christmas shopping season. After all, most of us likely already practice good security habits like having a password populated by letters, numbers and squirrel noises as it is. This doesn’t seem to have slowed Magecart any. Still though, in the end, the most we can really do is watch, wait, and hope for the best as we try to protect ourselves in a landscape where so much can happen.