Ecommerce websites ‘face continuing threat’ from Keeper Magecart hacker group


Cybersecurity firm Gemini has warned that Keeper Magecart is likely to continue launching increasingly sophisticated attacks against online merchants across the world.

The assertion is based on Gemini’s discovery that the hacker group, which operates a network of 64 attacker domains and 73 exfiltration domains, has targeted more than 570 e-commerce sites in 55 countries since April 2017. Attacks are now a daily occurrence.

Gemini estimates Keeper has generated upwards of $7m (€6.2m) from selling compromised payment cards, based on the dark web median price of $10 per card used through the card-not-present (CNP) system.

More than 85% of the victim sites operated the Magento content management system, which boasts over 250,000 users worldwide and is known to be the top target for Magecart, according to US-based Gemini. The largest share of companies subjected to the attacks was in the US, with 28% of the total, followed by the UK and the Netherlands.

“The Keeper Magecart group has been active for three years, over which time it has continually improved its technical sophistication and the scale of its operations,” Gemini wrote in a blog post on its website.

“[Given] increased cybercriminal interest in CNP data during the Covid-19 quarantine measures across the world, this group’s market niche appears to be secure and profitable,” it added.

