Magecart: The State of a Growing Threat

Magecart is a rapidly growing cybercrime syndicate comprised of dozens of subgroups that specialize in cyberattacks involving digital credit card theft. By placing its malicious JavaScript skimmers on online payment forms at a massive scale, Magecart is threatening the ability of consumers worldwide to shop online safely.

Although it’s just recently getting attention, Magecart has been active for nearly ten years, with RiskIQ first detecting its JavaScript in 2010. Since then, it’s become so ubiquitous that hundreds of thousands of sites, and potentially millions of users, have been affected. 

RiskIQ’s global discovery platform gathers internet-wide telemetry that enables us to view websites as Magecart actors do; a unique perspective that provides unmatched visibility into this surging threat. In this valuable report, we share this telemetry data, which yields critical insight into the state of Magecart, whose skimmers have appeared over two million times, and directly breached over 18,000 hosts. 

Download the report for insights such as:

  • The average length of a Magecart breach
  • Which shopping platforms are most vulnerable 
  • The impact of third-party breaches
  • New tactics Magecart is employing to spread their skimmers

Get the Report