Profile picture
Catalin Cimpanu @campuscodi
, 9 tweets, 4 min read Read on Twitter
A detailed look at how Magecart groups are stealing your card details from online stores…
The article is basically a summary of a 60-page report from RisqIQ and Flashpoint.

The report is here:…

Includes a breakdown of all the groups --currently seven-- engaged in Magecart-like attacks.
By far the most interesting groups are Group 5, which only targets third-party providers for supply chain attacks
And Group 6, which only hacked two companies --British Airlines and Newegg
The stolen card details from both hacks ended up on an infamous carding forum, btw
But the report also analyzes each group's skimmers --the JS scripts that crooks plant on hacked sites to steal users' card details.

Flashpoint has found several ads on hacking forums advertising JS skimmer scripts. Prices go from $250 to $5,000, depending on the desired features
Because Magecart-like hacks have been going on for 3-4 years now, these operations are also fully vertically integrated in the cybercrime landscape. Stolen card details reach carding forums, right next to data from ATM skimming operations and bank network hacks.
Card data is bought by fraudsters who then use various money mule setups to buy goods with victims' cards, resell items, and launder the money. In one case, a Magecart group even created a fake reshipping company to hide its money laundering operation.
Many users have asked me over the past few months how can they avoid having their card details stolen by Magecart groups. Here's the advice I kept giving users.
Missing some Tweet in this thread?
You can try to force a refresh.

Like this thread? Get email updates or save it to PDF!

Subscribe to Catalin Cimpanu
Profile picture

Get real-time email alerts when new unrolls are available from this author!

This content may be removed anytime!

Twitter may remove this content at anytime, convert it as a PDF, save and print for later use!

Try unrolling a thread yourself!

how to unroll video

1) Follow Thread Reader App on Twitter so you can easily mention us!

2) Go to a Twitter thread (series of Tweets by the same owner) and mention us with a keyword "unroll" @threadreaderapp unroll

You can practice here first or read more on our help page!

Did Thread Reader help you today?

Support us! We are indie developers!

This site is made by just three indie developers on a laptop doing marketing, support and development! Read more about the story.

Become a Premium Member and get exclusive features!

Premium member ($30.00/year)

Too expensive? Make a small donation by buying us coffee ($5) or help with server cost ($10)

Donate via Paypal Become our Patreon

Thank you for your support!