Sinkholing Magecart digital credit card skimmers from compromised e-commerce sites

November 13, 2018

In recent months there has been a spate of high-profile security incidents, with breaches of respected global brands such as Ticketmaster, British Airways and Newegg making headlines when operatives of what has become known as “Magecart” intercepted thousands of consumer credit card records.

Magecart (artwork courtesy of RiskIQ)

Magecart is an umbrella term given to at least seven cybercriminal groups that are placing digital credit card skimmers on compromised e-commerce sites at an unprecedented rate, with significant successes.

For a number of months, The Shadowserver Foundation and Abuse.CH have been assisting security researchers at RiskIQ and Flashpoint in sinkholing hundreds of Magecart-related domains, while deconflicting those actions against any ongoing law enforcement investigations. Today RiskIQ and Flashpoint have published a joint report that provides extensive insight into the Magecart phenomenon and profiles a number of the sub-groups involved in their criminal activities. We highly recommend this report to anyone involved in operating high-profile e-commerce sites.

Sinkhole data from Magecart-related credit card skimming domains is available each day in Shadowserver’s free-of-charge daily reports to national CERTs and network owners.
