An alarming report from key global researchers in the cybersecurity front reveals that a notorious credit card hacker group has managed to run its nefarious operation. The operation is known as Magecart and has operated anonymously for two and a half years.
In the course of their operation, they are believed to have compromised around 40 sites. Details from the reports show that to remain undetected, Magecart operated under the pretense of an unregistered content delivery network.
Investigations to bring down the skimmers has been going on for months, with the first-ever recorded hack believed to have happened on September 30, 2019. The most recent attack occurred on February 19, 2020. The group seems to have the unlikely target preference of print media/ magazine platforms.
Most of the attacks on magazine printing sites were identified, but there was laxity in responding to the threats. This gave the attackers substantial leeway to further their hacking activities, which they directed to the platform's payment webpages and swindled money from the uploaded card information which was available to them through phishing.
Some reports confirm that the first case of the operation was in August 2017. A bulk of the victims are believed to have subscribed to popular magazines and newsletters such as ESPN soft copies, "Stars and Stripes" military publications, and a variety of other print media sites.
Reports show that 18 keyloggers were responsible for the two and a half year-long credit cart phishing activity from which they distributed the stolen data to the rest of the hacking group. It is at this point that the operation of siphoning money from the credit cards began.
Mimicking legitimate and popular brands seems to be the modern trend amongst web skimmers. One notable platform that has been receiving a particularly popular interest amongst the online hacking community is Google Analytics.
This is because it is the go-to place for most online sites to track their traffic graphs and other distinctive elements of their data.
In this case, the scammers used two domains that were a replica of the Amazon CloudFront content delivery network/CDN. The other software infrastructure was designed to obscure the identity of the server address used in the operation.
In this case, an open-source reverse proxy software by the name Ngrok was used in the Magecart operation, and it worked without getting detected. After the algorithm library got deconstructed, it revealed that the domains of the content delivery network were compromised with malicious codes that phished credit card numbers within the stored data.
Elements of data that were of interest to the group included but were not limited to physical addresses, emails, and phone contacts.
You can join the discussion here