A San Francisco-based security company that identified a vulnerability specific to e-commerce merchants last October, has followed up its report with a look into how criminals are monetizing data they obtained as a result of the security flaw. Last fall, RiskIQ found that hackers were targeting e-commerce companies running outdated and unpatched versions of Magento, Powerfront and OpenCart with malicious keystroke-logging code and stealing payment card information. The vulnerability was called Magecart.
The new report follows the trail of some of the information stolen using Magecart (with an assist from security reporter Brian Krebs). It details a reshipping scheme connected with information stolen via Magecart fraudsters are using to cash out. The company warns that Magecart is still a risk.
“Magecart activity is still going strong, affecting new sites and continuing to register new domains to host the injected web skimmer scripts,” said Yonathan Klijnsma, threat researcher at RiskIQ. “New insight into the sophisticated way these actors are monetizing their activities in the physical world shows the broadness of their scope of operations.”