A Magecart hacking gang may have been caught by police for the first ever time

Graham Cluley
Graham Cluley
@
@[email protected]
@gcluley

A Magecart hacking gang may have been caught by police for the first ever time
Police in Indonesia, working alongside Interpol, have arrested three men suspected of being part of a gang engaged in Magecart attacks that stole payment card information from online shoppers.

The three men, from the regions of Jakarta and Yogyakarta, were arrested on December 20th as part of an operation called “Night Fury”, but details were only made public at the end of last week at a press conference.

Magecart arrests
The arrests were announced by Indonesian police at a press conference.

Indonesian police say that the trio, believed to have been active since 2017, made money from attacks against 12 (mostly European) online stores.

However, Security researchers at Sanguine Security say that it has linked the malicious code to attacks found on over 571 websites, 27 of which remain infected to this day despite warnings.

Sign up to our free newsletter.
Security news, advice, and tips.

The researchers believe that one or more other suspects remain at large, and report that servers used by gang members to collect credit card data – including one which uses the brazen domain name of magecart.net – have been active and modified since the arrests.

If the arrested men are indeed responsible for some of the attacks that have been blighting online stores in recent years it will be the first time that police anywhere in the world have successfully apprehended an active Magecart gang.

Magecart, a family of Javascript malware, is used to skim credit card details and personal information from unsuspecting internet users as they interact with websites – often as the sensitive data is entered to purchase an item or service online.

CVVWhat makes a Magecart attack often much more serious than a conventional data breach, is that most companies do not store your full credit card details, such as your CVV security code. But those details are entered on online checkout forms by consumers, and can be stolen by a malicious script hidden in the website’s code.

Part victims of Magecart attacks include Ticketmaster, British Airways, Forbes, Umbro, Vision Direct, and Newegg.

It’s worth bearing in mind that these arrests are unlikely to herald the end of Magecart and similar attacks, as there are other hacking gangs who are potentially making much more money from their cybercriminal activities and who might have done a better job of covering their tracks.


Graham Cluley is an award-winning keynote speaker who has given presentations around the world about cybersecurity, hackers, and online privacy. A veteran of the computer security industry since the early 1990s, he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows, makes regular media appearances, and is the co-host of the popular "Smashing Security" podcast. Follow him on Twitter, Mastodon, Threads, Bluesky, or drop him an email.

What do you think? Leave a comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.