Hacker Group Amassed $7M in Crypto by Selling Stolen Credit Cards

Published at: July 7, 2020

A hacker gang known as “Keeper” established an interconnected network to steal credit card data from over 570 e-commerce sites. Since 2017, they have profited around $7 million in crypto by selling card information through the dark web.

According to a July 7 study by threat intelligence firm Gemini Advisory, the hacker group managed to create 64 attacker domains and 73 exfiltration domains. These domains were used to retrieve user credit card data from numerous e-commerce sites located across 55 countries.

The malicious domains hosted an identical login panel from each e-commerce website. They inserted a malware payload to get the credit card data.

Over 184,000 credit cards compromised

The most affected countries are the United States, the United Kingdom, and the Netherlands.

The report details that around 184,000 cards were compromised during Keeper’s attacks between July 2018 and April 2019. The exact quantity of credit card data stolen is unknown. As of press time, the hacker gang is still active.

Ameet Naik, security expert at cybersecurity firm PerimeterX, told Cointelegraph:

“Digital skimming and Magecart attacks are a lucrative business for hackers yielding rich bounties. Large scale operations like these can still compromise hundreds of thousands of credit cards even though they don’t target major high traffic stores. Businesses need to remain vigilant to Magecart attacks by locking down their infrastructure, using strong multi-factor authentication whenever possible and leveraging client-side application protection solutions that can detect and stop such attacks in real-time.”

Gemini states that given the dark web median price of $10 per compromised Card Not Present card, or CNP, the group reportedly amassed over $7 million in crypto from selling the stolen data via the dark web. There are no details concerning which cryptocurrencies were accepted as payment.

The gang is still alive

Researchers warn that Keeper not only remains active but is also improving its technical sophistication and attack methods.

Research by cybersecurity firm Cyble Research Team revealed that on May 29, data for more than 80,000 credit cards was put up for sale on the dark web. The data from these cards appears to have been gathered from various countries around the world.

Cointelegraph reported in 2019 that financial scammers are selling credit card data for only 10 to 12 cents on the dollar to buyers willing to provide a prepaid fee in Bitcoin (BTC), according to the new Q3 2019 Black Market Report from Armor’s Threat Resistance Unit.
