Hacker Network, Magecart Group AKA “Keeper” has reportedly targeted at least six South Africa e-commerce platforms with their attacks. According to a report by Gemini Advisory.
‘Keeper’ consists of an interconnected network of 64 attacker domains and 73 exfiltration domains. “The Keeper exfiltration and attacker domains use identical login panels and are linked to the same dedicated server; this server hosts both the malicious payload and the exfiltrated data stolen from victim sites,” read Gemini’s report.
Gemini’s report shows data from 55 countries around the world with South Africa having the 16th highest number of attacks between 2018 and 2019. The U.S., U.K, Netherlands, France and India were the countries with the most infected domains.
The group has so far managed to compromise 570 online shops across 55 countries. The aim of the attack is to infect the platforms with malicious software to steal data from unsuspecting users, including payment card information.
“Gemini uncovered an unsecured access log on the Keeper control panel with 184,000 compromised cards with time stamps ranging from July 2018 to April 2019,” the advisory said.
In South Africa, the following e-commerce platforms appeared on Gemini’s list:
- ARB Electrical
- Baby City
- Getting A Deal
- PC Express
Most of these platforms acknowledged the attacks but assured customers that none of their information was stolen. The online shops either prevented the attack as it happened or were able to intervene before the attackers got away with any information. However, ARB Electrical and Baby City did not acknowledge these attacks while PC Express denies that the attack ever happened since they didn’t pick anything up on their logs.