More than 570 e-commerce sites have been compromised by a hacker group known as “Keeper”. Keeper broke into the backends of online shops, altered their source code, and inserted malicious scripts that capture the card details customers enter in checkout forms.
Gemini Advisory, a threat intelligence firm, says Keeper has been operational since April 2017. Gemini said it was able to track the group's activities because Keeper had used the same control panel on the cloud servers where it collected payment card details from hacked stores.
By fingerprinting that panel, Gemini was able to trace all of Keeper’s historical activity. That included the locations of former backend panels, which were using malicious URLs.
Gemini reports that approximately 85% of the 570 compromised stores run on the Magento e-commerce platform. Most of the stores, Gemini claims, are small to medium operations, but Keeper also hit several big names, including sites that attracted from 500,000 to 1,000,000 visitors each month. The most prominent hacked e-commerce sites are listed here.
Keeper failed to properly secure one of the panels to which the hackers sent payment card details.
The Gemini Advisory report includes the complete list of all 570+ sites compromised by the Keeper gang since April 2017. Analysts claim the Keeper gang has probably generated more than $7 million over its lifetime from stealing and selling breached payment cards.