Magecart’s card skimming tool, which was used to hack British Airways and Ticketmaster, is now available for sale on a dark web forum. The Magecart-style attack tool is being sold on a Russian dark web market for a price of $1,300.
According to a report by Armor Threat Intelligence, the tool consists of two components - a standard universal payment card sniffer and a control panel. The payment sniffer tool checks out for the new payment card entered by the online shoppers on the Checkout page of e-commerce sites.
“Additionally, the tool also uses Secure Socket Layer (SSL) protocol to encrypt the outbound payment card data being collected, making it harder for security teams to see the data being exfiltrated from the e-commerce site,” said Armor in its research paper.
According to Corey Milligan, a security researcher at Armor, the online sale of the Magecart-style attack tool could be a new way of generating revenue for the original Magecart group. It can simultaneously offer low-level threat actors with new opportunities to conduct cyber espionages.
“This attack tool represents the first step in the commoditization of the Magecart-style attack, creating a new line of revenue for the original Magecart threat groups while simultaneously serving to saturate the threat landscape with attempts by low-level threat actors, and thus hiding the original threat actors’ own activities that security experts are now hot on the trail of,” said Corey Milligan.