South African online stores targeted by hackers

The Keeper Magecart Group targeted at least six South African ecommerce websites as part of a battery of cyberattacks conducted between 1 April 2017 and 7 July 2020, a report from Gemini Advisory has stated.

Globally, 570 online shops in 55 different countries were targeted with the aim of infecting their websites with malicious software to steal personal data. In some instances, this included payment card information.

Gemini said that as part of its investigation, it discovered that the “Keeper” Magecart group consists of an interconnected network of 64 attacker domains and 73 exfiltration domains.

“The Keeper exfiltration and attacker domains use identical login panels and are linked to the same dedicated server; this server hosts both the malicious payload and the exfiltrated data stolen from victim sites,” Gemini stated.

While over 85% of the victim sites operated on the Magento CMS, the attackers also targeted sites running WordPress (5.5%), Shopify (4.2%), BigCommerce (2.0%), and PrestaShop (0.5%).


Out of the 55 countries represented in Gemini’s investigation, South Africa had the 16th highest number of compromised domains. The countries which saw the most infections were the United States, United Kingdom, and the Netherlands, France, and India.

“Gemini uncovered an unsecured access log on the Keeper control panel with 184,000 compromised cards with time stamps ranging from July 2018 to April 2019,” the advisory said.

“Extrapolating the number of cards per nine months to Keeper’s overall lifespan, and given the dark web median price of $10 per compromised Card Not Present card, this group has likely generated upwards of $7 million from selling compromised payment cards.”

Gemini said that the Keeper Magecart group has been active for three years and has continually improved its technical sophistication and the scale of its operations.

“Based on this pattern of successful Magecart attacks, Gemini assesses with high confidence that Keeper is likely to continue launching increasingly sophisticated attacks against online merchants across the world.”

South African websites compromised
The following table summarises the six South African websites included in Gemini’s report.

In other news – Kairo Forbes turns 5 with 1million IG followers and many more achievements to note

Kairo did not just celebrate her 5th birthday on Wednesday, she’s also celebrated another milestone. Read more

Source: mybroadband

Comments 0

Your email address will not be published. Required fields are marked *

More From: Business & Technology

Choose A Format
Personality quiz
Series of questions that intends to reveal something about the personality
Trivia quiz
Series of questions with right and wrong answers that intends to check knowledge
Voting to make decisions or determine opinions
Formatted Text with Embeds and Visuals
The Classic Internet Listicles
The Classic Internet Countdowns
Open List
Submit your own item and vote up for the best submission
Ranked List
Upvote or downvote to decide the best list item
Upload your own images to make custom memes
Youtube, Vimeo or Vine Embeds
Soundcloud or Mixcloud Embeds
Photo or GIF
GIF format