Shopping cart attack provides insight into criminal operations

The Magecart attack which injects JavaScript into unpatched eCommerce sites in order to capture payment information first appeared in October last year.

Researchers at threat management specialist RiskIQ have been following a new strain of Magecart and found that it offers a rare insight into the operations of the actors behind digital threats.

By logging consumer keystrokes, Magecart captures large quantities of payment card information from unsuspecting shoppers. This stolen data typically gets packaged and sold as CVV dumps, on websites where transactions involving stolen credit card data take place. But RiskIQ's research shows that there are other ways in which this information can be used to make money.

Using employment ads on Russian job websites for US-based job seekers, mules are recruited as 'transport agents', their role is to receive shipments of electronics and other goods bought with stolen credit cards to ship them on to an address in Eastern Europe. This technique is similar to more traditional schemes involving money mules, but rather than a direct transfer of funds, the actors behind Magecart turn the funds into high-priced goods, which can be shipped across borders without arousing suspicion, then sold on for a hefty profit.

RiskIQ's researchers conclude that safer payment card standards like the introduction of chip and pin, coupled with better consumer awareness mean there's less opportunity to profit from card-present fraud. Therefore, it's likely that many criminals are looking for easier and less costly avenues for financial data theft. "A lack of overall protection by many online stores and the level of ease by which criminals may gain access to vulnerable web applications leads to many successful fraud operations like Magecart, supporting our belief that attackers are currently scrambling to capitalize on these weak defenses before additional safeguards take effect."

More information on the findings is available on the RiskIQ blog.

Photo Credit: mtkang/Shutterstock