New Report Shows Magecart Detections Exceed 2 Million and Offers Key Insights for E-Commerce

San Francisco, California, UNITED STATES

SAN FRANCISCO, Oct. 04, 2019 (GLOBE NEWSWIRE) -- RiskIQ, the global leader in attack surface management, today released research highlighting the explosive growth of Magecart, the cybercrime syndicate comprised of dozens of subgroups that specialize in cyberattacks involving digital credit card theft by skimming online payment forms. Magecart code has been inserted on millions of sites and compromised the payment information of millions of users.

The report titled 'Magecart: The State of a Growing Threat' breaks down the current prevalence of Magecart attacks, as well as several essential trends online merchants should be aware of as the web-skimming epidemic targets their customers at an unprecedented rate. So far, RiskIQ has detected Magecart skimming code on websites 2,086,529 times. These detections include 18,000 hosts that were directly breached, with many more likely to fall victim this year.

With the company's internet-wide visibility, gained by crawling and passive-sensing the internet since 2010, RiskIQ has one-of-a-kind insight into this rapidly proliferating threat. This visibility has yielded some of the most significant Magecart discoveries to-date, such as the breaches of British Airways and Ticketmaster and the widespread use of misconfigured Amazon S3 Buckets to spread malicious code. It now provides an invaluable snapshot of the state of digital web-skimming.

According to the report, the most significant factor in Magecart's rise is that site owners' lack visibility into the code running on their site. The research found that the average breach lasts over two weeks, with many lasting much longer than that.

"Quietly, Magecart is eating away at the e-commerce industry because website owners lack visibility into the code that's running on their site," said Yonathan Klijnsma, head researcher at RiskIQ and leading expert in Magecart research. "This is a bigger problem than most people realize, as skimming code can exist on a breached website for weeks, months, or even indefinitely, victimizing any visitor that makes purchases on that site."

Other insights include:

  • 17% of all Malvertisements detected by RiskIQ contain Magecart skimmers
  • The average length of a Magecart breach is 22 days with many lasting years, or even indefinitely.
  • Shopping platforms such as Magento and OpenCart are the lifeblood of many Magecart groups. RiskIQ has detected 9,688 vulnerable Magento hosts.
  • Magecart infrastructure is vast, with 573 known C2 domains, and 9,189 hosts observed loading C2 domains.
  • Because Magecart skimmers stay on websites for so long, threat actors are purchasing Magecart infrastructure that's gone offline to assume access to these breached sites.

The entire report, containing additional insights and information, is available for download here:

About RiskIQ

RiskIQ is the leader in attack surface management, providing the most comprehensive discovery, intelligence, and mitigation of threats associated with an 'organization's digital presence. With more than 75 percent of attacks originating outside the firewall, RiskIQ allows enterprises to gain unified insight and control over web, social and mobile exposures. Trusted by thousands of security analysts, 'RiskIQ's platform combines advanced internet data reconnaissance and analytics to expedite investigations, understand digital attack surfaces, assess risk and take action to protect the business, brand and customers. Based in San Francisco, the company is backed by Summit Partners, Battery Ventures, Georgian Partners and MassMutual Ventures.
Visit or follow us on Twitter. Try RiskIQ Community Edition for free by visiting

© 2019 RiskIQ, Inc. All rights reserved. RiskIQ is a registered trademark of RiskIQ, Inc. in the United States and other countries. All other trademarks contained herein are the property of their respective owners.

Holly Hitchcock
Front Lines Media