Antus67

Suspected members of a MageCart group that stole payment card information from customers of hundreds of hacked online stores are now in the custody of the Indonesian police.
Named GetBilling by some cybersecurity researchers, the group has been operating since at least 2017 and is responsible for 1% of all MageCart incidents, at a minimum.
MageCart attacks use malicious JavaScript code to collect payment and personal information users enter on the checkout page of a compromised online store. The script is also referred to as a JS-sniffer, web skimmer, or e-skimmer.

According to Cyberthreat.id, a dozen shops were infected with the GetBilling web skimmer.

The investigation continues in six other countries in the Association of Southeast Asian Nations (ASEAN), Interpol says today, where infrastructure and another three members of this MageCart group may be located. Two command and control servers were identified in Singapore, now deactivated by the authorities.


After the three were arrested in Indonesia, Sanguine Security detected the GetBilling script on other websites.