A malicious hacking group named Magecart Group 5 (MG5) is reportedly taking control of layer 7 (L7) public Wi-Fi routers typically deployed in hotels, airports, casinos, and resorts. According to security experts from IBM X-Force Incident Response and Intelligence Services (IRIS), Magecart Group is specifically targeting Wi-Fi routers that provide commercial Wi-Fi service in public areas.
MG5 was involved in multiple cyber intrusions, including attacks on British Airways and the ticketing website Ticketmaster. Recently, the attackers used a skimming script (malicious code) to steal data from 201 online stores that were catering to 176 colleges and universities in the U.S. and 21 in Canada. The security researchers at Trend Micro stated that on April 14, 2019, they detected the Magecart attack against multiple campus online store websites, which were injected with a malicious skimming script at their payment checkout pages.
The hacker group is also responsible for the recent data breach that impacted several websites by injecting malicious code. According to a report from threat intelligence firm RiskIQ, the hackers used a “spray-and-pray” approach to compromise and plant malicious code on over 17,000 domains since April 2019.
Through the compromise of a few sites, the malicious code spread to thousands of other sites, including Picreel, Alpaca Forms, AppLixir, RYVIU, OmniKick, eGain, and AdMaxim. RiskIQ stated that the attackers have been active in web skimming for a long time and started compromising unsecured S3 buckets in early April.