A hacker gang known as “Keeper” established an interconnected network to steal credit card data from over 570 e-commerce sites. Since 2017, they have profited around $7 million in crypto by selling card information through the dark web.

According to a July 7 study by threat intelligence firm, Gemini Advisory, the hacker group managed to create 64 attacker domains and 73 exfiltration domains. These domains were used to retrieve user credit card data from numerous e-commerce sites located across 55 countries.

The malicious domains hosted an identical login panel from each e-commerce website. They inserted a malware payload to get the credit card data.

Over 184,000 credit card data compromised

The most affected countries are the United States, the United Kingdom, and the Netherlands.

The report details that around 184,000 cards were compromised during Keeper’s attacks between July 2018 - April 2019. The exact quantity of credit card data stolen is unknown. As of press time, the hacker gang is still active.

Ameet Naik, security expert at cybersecurity firm, PerimeterX, told Cointelegraph:

"Digital skimming and Magecart attacks are a lucrative business for hackers yielding rich bounties. Large scale operations like these can still compromise hundreds of thousands of credit cards even though they don’t target major high traffic stores. Businesses need to remain vigilant to Magecart attacks by locking down their infrastructure, using strong multi-factor authentication whenever possible and  leveraging client-side application protection solutions that can detect and stop such attacks in real-time.”

Gemini states that given the dark web median price of $10 per compromised Card Not Present card, or CNP, the group reportedly amassed over $7 million in crypto from selling the stolen data via the dark web. There are no details concerning which cryptocurrencies were accepted as payment.

The gang is still alive

Researchers warn that Keeper not only remains active, they are improving their technical sophistication and the attack methods as well.

Research by cybersecurity firm, Cyble Research Team, revealed that on May 29 that data for more than 80,000 credit cards were put up for sale on the dark web. The data from these cards appears to have been gathered from various countries around the world.

Cointelegraph reported in 2019 that financial scammers are selling credit card data for only 10 to 12 cents on the dollar to buyers willing to provide a prepaid fee in Bitcoin (BTC), according to the new Q3 2019 Black Market Report from Armor’s Threat Resistance Unit.