Police in Indonesia, working alongside Interpol, have arrested three men suspected of being part of a gang engaged in Magecart attacks that stole payment card information from online shoppers.
The three men, from the regions of Jakarta and Yogyakarta, were arrested on December 20th as part of an operation called “Night Fury”, but details were only made public at the end of last week at a press conference.
Indonesian police say that the trio, believed to have been active since 2017, made money from attacks against 12 (mostly European) online stores.
However, security researchers at Sanguine Security say that they have linked the malicious code to attacks found on over 571 websites, 27 of which remain infected to this day despite warnings.
The researchers believe that one or more other suspects remain at large, and report that servers used by gang members to collect credit card data – including one which uses the brazen domain name of magecart.net – have been active and modified since the arrests.
If the arrested men are indeed responsible for some of the attacks that have been blighting online stores in recent years, it will be the first time that police anywhere in the world have successfully apprehended an active Magecart gang.
Magecart, a family of JavaScript malware, is used to skim credit card details and personal information from unsuspecting internet users as they interact with websites – often as the sensitive data is entered to purchase an item or service online.
What often makes a Magecart attack much more serious than a conventional data breach is that most companies do not store your full credit card details, such as your CVV security code. But those details are entered on online checkout forms by consumers, and can be stolen by a malicious script hidden in the website’s code.
Past victims of Magecart attacks include Ticketmaster, British Airways, Forbes, Umbro, Vision Direct, and Newegg.
It’s worth bearing in mind that these arrests are unlikely to herald the end of Magecart and similar attacks, as there are other hacking gangs who are potentially making much more money from their cybercriminal activities and who might have done a better job of covering their tracks.