First MageCart Hackers Caught, Infected Hundreds of Web Stores

Antus67

Nov 3, 2019
Suspected members of a MageCart group that stole payment card information from customers of hundreds of hacked online stores are now in the custody of the Indonesian police.
Named GetBilling by some cybersecurity researchers, the group has been operating since at least 2017 and is responsible for 1% of all MageCart incidents, at a minimum.
MageCart attacks use malicious JavaScript code to collect payment and personal information users enter on the checkout page of a compromised online store. The script is also referred to as JS-sniffer, web skimmer, or e-skimmer.

According to Cyberthreat.id, the following dozen shops were infected with the GetBilling web skimmer:


  1. thebigtrophyshop.co.uk
  2. rebelsafetygear.com
  3. infinitetee.co.uk
  4. screenplay.com
  5. sasy420.com
  6. adelog.com.au
  7. getitrepaired.co.uk
  8. geigerbtc.com
  9. hygo.co.uk
  10. jorggray.co.uk
  11. iweavehair.com
  12. ap-nutrition.com
The investigation continues in six other countries in the Association of Southeast Asian Nations (ASEAN), Interpol says today, where infrastructure and another three members of this MageCart group may be located. Two command and control servers were identified in Singapore, now deactivated by the authorities.


After the three were arrested in Indonesia, Sanguine Security detected the GetBilling script on other websites.
 
