Keeper Magecart Malware infects 570 sites

Gemini Advisory, has this week revealed that the payment-card-skimming Magecart malware has been found on 570 570 shopping websites spanning 55 countries.

Their report can be read here. and a full list of the compromised sites can be found here.

A summary of their key findings is as follows:

• Gemini discovered that the “Keeper” Magecart group, has targeted over 570 victim e-commerce sites in 55 different countries from April 1, 2017 until the present.
• Over 85% of the victim sites operated on the Magento CMS, which is known to be the top target for Magecart attacks and boasts over 250,000 users worldwide. The country hosting the largest selection of these victim e-commerce sites was the United States, followed by the United Kingdom and the Netherlands. 
• Gemini uncovered an unsecured access log on the Keeper control panel with 184,000 compromised cards with time stamps ranging from July 2018 to April 2019. Extrapolating the number of cards per nine months to Keeper’s overall lifespan, and given the dark web median price of $10 per compromised Card Not Present (CNP) card, this group has likely generated upwards of $7 million USD from selling compromised payment cards. 
• The Keeper Magecart group has been active for three years, over which time it has continually improved its technical sophistication and the scale of its operations.