Inside Magecart: the history behind the covert card-skimming assault on the e-commerce industry

Wednesday 2 October 12:00 - 12:30, Green room

Yonathan Klijnsma (RiskIQ)

The credit-card-skimming game started with physical skimmers on ATMs and has evolved to memory skimming on point-of-sale terminals. Since 2014, skimmers have successfully been targeting e-commerce platforms at an alarming rate, stealing from consumers shopping in the perceived safety of their own homes. Over the past years, RiskIQ has been publishing details on a set of groups under the umbrella name "Magecart", profiling their attacks on e-commerce businesses from small shops to major online merchants like Ticketmaster and British Airways.

In this talk, we will discuss how the Magecart threat evolved, break down its high-profile attacks in detail, and show how the criminals monetize their plunder. We’ll also explain how their uncanny ability to adapt to their environment and get smarter makes them such a formidable adversary for security teams.


Related links



Yonathan Klijnsma

Yonathan Klijnsma is the lead of threat research within RiskIQ and, with the help of RiskIQ's expansive data sets, uncovers and hunts down threats. Both his work and his hobbies focus on threat intelligence in the form of profiling threat actors as well as analysing and taking apart the means by which they perform their digital crimes.


   Read paper    Watch video

Back to VB2019 Programme page

Other VB2019 papers

Webcam interception and protection in kernel mode in Windows (partner presentation)

Michael Maltsev (Reason Cybersecurity)

Cyber espionage in the Middle East: unravelling OSX.WindTail

Patrick Wardle (Jamf)

APT cases exploiting vulnerabilities in region-specific software

Shusei Tomonaga (JPCERT/CC)
Tomoaki Tani (JPCERT/CC)
Hiroshi Soeda (JPCERT/CC)
Wataru Takahashi (JPCERT/CC)

We have placed cookies on your device in order to improve the functionality of this site, as outlined in our cookies policy. However, you may delete and block all cookies from this site and your use of the site will be unaffected. By continuing to browse this site, you are agreeing to Virus Bulletin's use of data as outlined in our privacy policy.