A hacker gang named “Keeper” has established an interconnected network to steal credit card data from over 570 e-commerce sites, and has profited around $7 million in crypto by selling card information through the dark web since 2017.
On July 7, threat intelligence firm Gemini Advisory reported that the hacker group managed to create 64 attacker domains and 73 exfiltration domains.
These domains were used to retrieve user credit card data from numerous e-commerce sites located across 55 countries.
The malicious domains hosted an identical login panel from each e-commerce website, and the group inserted a malware payload to get the credit card data.
According to the analysis, the most affected countries are the United States, the United Kingdom, and the Netherlands.
Keeper has been selling stolen credit card data through the dark web since 2017 https://t.co/lFfbaJxCx4 — Cointelegraph (@Cointelegraph) July 7, 2020
The report details that around 184,000 cards were compromised during Keeper’s attacks between July 2018 and April 2019. The exact quantity of credit card data stolen is unknown. As of press time, the hacker gang is still active.
Ameet Naik, security expert at cybersecurity firm PerimeterX, stated:
“Digital skimming and Magecart attacks are a lucrative business for hackers yielding rich bounties. Large-scale operations like these can still compromise hundreds of thousands of credit cards even though they don’t target major high-traffic stores. Businesses need to remain vigilant to Magecart attacks by locking down their infrastructure, using strong multi-factor authentication whenever possible and leveraging client-side application protection solutions that can detect and stop such attacks in real time.”
Gemini states that, given the dark web median price of $10 per compromised Card Not Present (CNP) card, the group amassed over $7 million in crypto from selling the stolen data through the dark web. There are no details concerning which cryptocurrencies were accepted as payment.
Researchers warn that Keeper not only remains active but is also improving its technical sophistication and attack methods.