Three Magecart operatives arrested in Indonesia
Several members of a group allegedly behind hundreds of Magecart-style attacks were arrested last month in Indonesia as the result of an international law enforcement operation.
Interpol’s ASEAN Cyber Capability Desk and the Indonesian National Police announced late last week the December 20, 2019 arrest of three members of a group allegedly behind a series of Magecart e-commerce attacks. The three individuals were identified only by their initials, age and city. According to Group-IB, the three are from Jakarta and Yogyakarta and are N, 23; ANF, 26; and K, 35 years old.
Interpol reported it helped coordinate Operation NightFury, which was supported by the Indonesian police, the research firm Group-IB and security teams from other nations. The operation is ongoing in five other countries where the gang allegedly had command and control servers.
The three are accused of inserting a JavaScript sniffer called GetBilling onto hundreds of online point-of-sale systems, where it was able to pull payment card information from a webstore. A JavaScript injection is a classic example of a Magecart attack’s early stage, RiskIQ reported.
“During the special operation, Indonesian Cyber Police seized laptops, mobile phones of various brands, CPU units, IDs, BCA Token, ATM cards,” said Group-IB.
The security firm said it has been tracking GetBilling since 2018, and a study of the infrastructure controlled by the arrested men indicates they infected at least 200 websites in Indonesia, Australia, Europe, the United States, South America, and some other countries.
Group-IB described the GetBilling group as an experienced cybercrime organization that used VPNs to hide its location and stolen credit cards to buy equipment, hosting services and new domains.
The arrest of the three men likely does not mean the end of Magecart attacks as there are other suspected groups using JavaScript sniffers to attack online POS systems.
A Flashpoint-RiskIQ study released in November 2019 suggests the name Magecart is an umbrella term for about seven separate groups that use JavaScript sniffer malware to launch attacks on e-commerce sites. Last year saw many major organizations hit in this manner, including British Airways, Ticketmaster, Macy’s and the American Cancer Society.
Group-IB’s annual 2019 threat report noted that the number of compromised payment cards uploaded to underground forums increased from 27.1 million to 43.8 million from the second half of 2018 to the first half of 2019. The company also blamed JavaScript sniffers for the 19 percent increase in the sale of CVV data during this period.
The post Three Magecart operatives arrested in Indonesia appeared first on SC Media.