class="post-template-default single single-post postid-7967 single-format-standard wp-custom-logo">

RiskIQ Researchers Track E-commerce Threat Magecart Part II, Discover Network of Threat Actors Physically Reshipping Items Purchased with Stolen Cards via U.S. Mules


New report uncovers a direct link to the outcome of stolen credit cards, offering rare insight into the physical world operations of actors tied to digital threats

LONDON, UK – July 12, 2017 – In October of last year, the RiskIQ Threat Research team released “Compromised E-commerce Sites Lead to ‘Magecart,” a report profiling the e-commerce threat they discovered and dubbed ‘Magecart,’ which injects JavaScript code into e-commerce sites running outdated and unpatched versions of shopping cart software from Magento, Powerfront, and OpenCart. By logging consumer keystrokes, these attackers capture large quantities of payment card information.

RiskIQ logo
RiskIQ logo

Now, by following a new strain of Magecart, the team has discovered a direct link to the outcome of the stolen credit cards for threat actors, offering rare insight into the physical world operations of actors tied to digital threats.

The Report, “Magecart Part II: From Javascript Injects to Reshipping for Financial Gain,” highlights how threat actors targeting e-commerce sites cash out by reshipping items purchased with stolen cards via a physical reshipping company, operating with mules in the U.S.

In light of the recent Krebs on Security blog post, which ties Magecart infrastructure listed in our original report to a credit card dumps website known as “Trump’s Dumps,” it’s clear that these actors have a diversified portfolio of rackets for monetising their plunder.

“Magecart activity is still going strong, affecting new sites and continuing to register new domains to host the injected web skimmer scripts,” said Yonathan Klijnsma, threat researcher at RiskIQ. “New insight into the sophisticated way these actors are monetising their activities in the physical world shows the broadness of their scope of operations.”

By pivoting on a domain related to known Magecart activity in RiskIQ PassiveTotal, the team found that the server behind its IP address, currently used for the injects of the Magecart script, also links to a reshipping company website falsely advertised as a freight/logistics provider.

Via false employment ads on Russian job websites for U.S.-based job seekers, mules are recruited under the pretence of “transport agents,” tasked with receiving shipments of electronics and other goods bought with stolen credit cards to ship to an address in Eastern Europe. This technique is similar to more traditional schemes involving money mules, but rather than a direct transfer of funds, the actors behind Magecart transfer funds into higher-priced goods, which can be shipped across borders without suspicion then sold for a hefty profit.

Magecart Part II: From Javascript Injects to Reshipping for Financial Gain’ takes a deep dive into:

  • The evolution of payment card theft
  • Magecart infrastructure: what it looks like, how to detect it, and how it’s evolving
  • Why e-commerce sites and consumers are at risk
  • The Magecart operators’ offline rackets and why they work
  • Guidance for e-commerce site owners and why having a dynamic view of their digital footprint is key to defending themselves

To conduct this and other web research, RiskIQ applies its proprietary virtual user web crawling technology. This advanced internet reconnaissance acts like a user would, thoroughly interrogating websites and web apps, as well as respective browser session communications. It processes more than 2 billion HTTP requests per day to surface, identify, and connect internet elements to malicious campaigns.

RiskIQ sees what appears on social media pages, websites, and mobile sites – just as it appears in users’ browsers. RiskIQ virtual users capture the DOM and find the dynamic links and changes made by JavaScript that could signify a potential attack.

“This new report shows how Magecart is an effective and lucrative operation for these actors,” Klijnsma said. “It may well indicate a burgeoning trend of keylogging threats affecting e-commerce sites.”


About RiskIQ
RiskIQ is the leader in digital threat management, providing the most comprehensive discovery, intelligence, and mitigation of threats associated with an organization’s digital presence. With more than 80 percent of attacks originating outside the firewall, RiskIQ allows enterprises to gain unified insight and control over web, social, and mobile exposures. Trusted by thousands of security analysts, RiskIQ’s platform combines advanced internet data reconnaissance and analytics to expedite investigations, understand digital attack surfaces, assess risk, and take action to protect business, brand, and customers. Based in San Francisco, the company is backed by Summit Partners, Battery Ventures, Georgian Partners, and MassMutual Ventures. Visit RiskIQ.com or follow us on Twitter.

Try RiskIQ Community Edition for free by visiting https://www.riskiq.com/community/

To learn more about RiskIQ, visit www.riskiq.com.

###

Media Relations
Anna May
Atomic PR
riskiq@atomicpr.com
020 3861 3901

Have any Question or Comment?

Leave a Reply

Your email address will not be published. Required fields are marked *

:::::::::::::::::::::::::::::Advt::::::::::::::::::::::::::

TRIO STEEL IS ONE OF THE MOST TRUSTED BRAND AND LEADING EXPORTER AND SUPPLIER OF CARBON STEEL, ALLOY STEEL & STAINLESS STEEL PIPES & PIPE FITTINGS MATERIAL. Triosteel is one of the leading Suppliers and Exporters of API 5L Pipe in Singapore. Triosteel also Exports to many countries like Indonesia, Iran, Saudi Arabia & many more. An API 5L pipe is manufactured by adhering to the specifications laid down by the International Organization for Standardization (ISO) 3183.

——————————————–

For the 2012 MLB period, we found an totals forecast Joao’s Renowned Over/Under João Zorro Gonçalves, Zcode Totals Pro, System of the time with progressions that have been successful over 98 98% ... We eventually perfected our over/under program ( Zcodesystemexclusive ), although it h-AS has brought years of investigation. Five Steps to Making a Winning MLB Method: 1. Execute appropriate cash management tools. 2. MLB rules that are comprehend. 3.Extensive testing back to make sure successful longterm results ...

——————————————–

There is always a challenge when you're dealing with the Foreign Exchange Market. That's just the nature of the beast. The best thing you can do is to learn about how the market operates as a whole so that you will be ready to meet these challenges. iq option penipu Never be misled by any profit gains in binary options. This is the number-one way traders end up losing their money and ultimately failing. Remember that the same things that make you laugh can make you cry in this market, and you can lose that $700.

——————————————–

Lipodrene® é uma formulação poderosa para perda de peso e energia que contém 25 mg de extrato de efedrina marca Thermo-Z ™ e da Hi-Tech proprietária do blend Thermo-Rx ® uma mistura estimulante incrivelmente potente. lipodrene Lipodrene Reviews 1 : ”Comecei a tomar e logo na primeira dose já senti o corpo muito mais quente e energia, vamos ver o resultado final” – Hércules,31. São Paulo- SP Lipodrene Reviews 2 : ”O lipodrene foi o melhor termogênico que já tomei pq além

——————————————–

Learning Polish has never been this fun and easy as with our podcasts Learn Polish with Polishpod101 Start today and become conversational in Polish in no time

——————————————–

The Best Website Agen Poker Resmi www.sakupoker.com Terpercaya come join

——————————————–

Do you need edmonton phone systems service ? Call complete communications today!

——————————————–

High-tech solutions for easy start-up of your IPTV/OTT-business

——————————————–

——————————————–

If you want to purchase not only one item, you have a chance to enjoy privileges. There is a sale’ tab on the site which offers a fantastic range of reduced counterfeit watches and accessories, such as sunglasses, cufflinks, watch straps and pens. Luxury Jewelry Replica At MCA.MN On Sale You get a 5% discount if you buy two pieces, this discount increases to 10% if you buy 4 pieces or more. There is free international shipping on all orders on this site. We also offer customers a free return anytime with a 100% money back guarantee.

——————————————–

For additional local bangkok self storage visit airportels.

——————————————–

——————————————–

——————————————–

Find all the info that you need about " testo hardworkout " at https://hardworkout.no

——————————————–

——————————————–

——————————————–