Russia’s Prosecutor General’s Office has announced the indictment of six suspected “hacking group” members for using malware to steal credit card and payment information from foreign online stores.
These attacks are known as card skimming, which involves infecting e-commerce websites with malicious code that either steals customers’ input on order checkout pages or through fake payment page overlays.
The threat actors use the payment card info to make unauthorized purchases sent to money mules or sell them to other cybercriminals on dark web marketplaces.
In a rare case of tackling cybercrime, the Russian authorities announced the indictment of six men, named Denis Priymachenko, Alexander Aseev, Alexander Basov, Dmitry Kolpakov, Vladislav Patyuk, and Anton Tolmachev, for card skimming crimes.
According to investigations, the six suspects started the malicious activity nearly seven years ago and managed to steal over 160,000 payment cards.
“Since the end of 2017, these individuals, using computer programs, bypassed the protection of foreign online store websites and gained access to their databases,” reads the announcement (machine translated)
“Then, using special malicious code, they copied the necessary details of bank cards and placed them on their remote servers.”
The Russian authorities say that the card skimming group did not use the stolen cards themselves but instead sold them on dark web platforms.
The six men are accused of committing crimes relating to Part 2 of Article 187 (illegal turnover of payment means) and Part 3 of Article 273 (creation, use, and distribution of malicious computer programs) of the Criminal Code of the Russian Federation.
The suspects are being sent to the Soviet District Court of Ryazan, which will decide on their penalty.
Online buyers are advised to pay with digital payment methods or one-time private cards, so the damage is minimal even when card skimmers have infected the e-shop.
Also, regularly monitoring credit card statements for unauthorized charges is advisable to catch a compromise early.