Magecart Early Breach Detection Feed
by Team Sansec
Published in Guides
Sansec operates a crawler network that monitors hundreds of thousands of global stores for signs of Magecart (skimming) attacks. This produces near-realtime visibility into the global attack landscape and enables us to monitor emerging attacks at a very early stage. It also gives us unique insights into the infrastructure that is used to operate skimming networks.
The crawler network has been operational since 2015. Since then, Sansec has identified more than 60 thousand stores with skimming malware.
The Sansec Early Breach Detection Feed (SEBDEF) is licensed to PSPs, PFIs, LE and financial institutions. Please contact us to discuss how your organization would benefit from our unique data.
The SEBDEF data is exposed in two ways:
- Daily delta update, pushed by email
- Delta querying via an API endpoint (JSON)
Data format
SEBDEF data contains sets of detections within a given time range. A detection is a status change for a particular domain (has malware: yes/no). Furthermore, each detection has:
- The parent domain name, with approximate Alexa rank.
- Platform & version of the detected ecommerce platform, if available.
- Zero or more signature matches, each with:
  - The specific URL that contained the malware indicator and was referenced from the parent site.
  - A confidence value 1-100. Anything below 90 is low-confidence and may concern a false positive.
  - The relevant code snippet that triggered our heuristic.
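As an added illustration (not Sansec's own code, and not the real SEBDEF schema, which ships with the API credentials), the following Python consumes a constructed JSON delta shaped like the fields described above and sorts each status change into an action bucket, using the documented 90 threshold to separate high-confidence matches from ones that need analyst review. All field names (`detections`, `has_malware`, `matches`, `confidence`, ...) are assumptions for the example.

```python
import json

CONFIDENCE_THRESHOLD = 90  # SEBDEF: below 90 is low-confidence, possible false positive

# Constructed sample delta. Field names are assumptions for illustration;
# the real SEBDEF JSON schema is documented with the API credentials.
SAMPLE_DELTA = json.dumps({
    "detections": [
        {"domain": "example-store.test", "alexa_rank": 120000,
         "platform": "Magento", "version": "2.4", "has_malware": True,
         "matches": [
             {"url": "https://cdn.example-cdn.test/lib.js", "confidence": 97,
              "snippet": "document.addEventListener('submit', ...)"},
             {"url": "https://example-store.test/js/x.js", "confidence": 65,
              "snippet": "atob(...)"}]},
        {"domain": "maybe-shop.test", "alexa_rank": None, "platform": None,
         "version": None, "has_malware": True,
         "matches": [{"url": "https://maybe-shop.test/a.js", "confidence": 70,
                      "snippet": "eval(...)"}]},
        {"domain": "clean-shop.test", "alexa_rank": 55000, "platform": "Shopware",
         "version": "6", "has_malware": False, "matches": []},
    ]
})


def parse_delta(raw):
    """Return the list of detection records from a raw JSON delta."""
    return json.loads(raw)["detections"]


def strong_matches(detection):
    """Signature matches at or above the confidence threshold."""
    return [m for m in detection["matches"]
            if m["confidence"] >= CONFIDENCE_THRESHOLD]


def triage(detections):
    """Sort each status change into an action bucket.

    confirmed: infected with at least one high-confidence match -> alert now
    review:    infected but only low-confidence matches -> analyst verifies
    cleaned:   status flipped back to no-malware -> close the case
    """
    buckets = {"confirmed": [], "review": [], "cleaned": []}
    for d in detections:
        if not d["has_malware"]:
            buckets["cleaned"].append(d["domain"])
        elif strong_matches(d):
            buckets["confirmed"].append(d["domain"])
        else:
            buckets["review"].append(d["domain"])
    return buckets


if __name__ == "__main__":
    for bucket, domains in triage(parse_delta(SAMPLE_DELTA)).items():
        print(bucket, domains)
```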
Email reporting
Please add "@sansec.io" to your trusted senders, as email messages with malware references may get blocked by some mail gateways.
You will receive a daily text report for the previous 24h.
API polling
If your license covers API access, we will send you API credentials and usage instructions separately.
Please direct implementation assistance requests to [email protected].