Monday, June 16, 2025
HomeComputer SecurityMagecart Hackers Group Attack High-grade Wi-Fi Routers To Take Control The Public-WiFi...

Magecart Hackers Group Attack High-grade Wi-Fi Routers To Take Control The Public-WiFi Networks

Published on

SIEM as a Service

Follow Us on Google News

A financially motivated hacking group called ” Magecart Group 5 (MG5) “targeting high-end commercial-grade layer 7 (L7) WiFi routers and take taking control over the public Wi-Fi networks that deployed in airports, casinos, hotels, and resorts.

Threat actors initiate the attack by injecting malicious code into the legitimate Javascript file that loaded by the layer 7 (L7) routers.

Magecart Group 5 group name has been derived since the attackers used a modus operandi with 38 different cybercrime factions that they used to attack E-commerce sites that includes hacking carts, checkout pages or web logic and more.

- Advertisement - Google News

Earlier this Year, MG5 threat group have been already involved with attacking hundreds of E-commerce Websites Injecting with Skimming Code That Steals Payment card Data.

Wi-Fi Routers

Researchers found that additionally, attackers were injecting malicious payment card stealing code into a popular open-source JavaScript library, a free library to help e-commerce websites to be compatible with mobile browsers.

This technique allows attackers to infect the mobile devices to gain access and take control over the application running on the compromised mobile.

Attack Commercial-Grade, L7 WiFi Routers

Threat actors specifically target and infect the code in Wi-Fi routers that provide commercial Wi-Fi service in public areas such as hotels or Airports.

Commercial-class layer 7 routers integrate by both routing and switching capabilities and reside in the same virtualization server as other business-critical IT infrastructure components that allows an attacker to take control of the other part of the network.

According to IBM research, ” popular routers in this category can also present risky features when it comes to information security — content filtering, redirection to interstitial pages, payload rewriting and traffic shaping are just a few of those features.”

Once the attackers compromised the web resources that an L7 router loads, they can abuse this feature and use it against the user and attack their Wi-Fi connected devices.

Wi-Fi Attack Scenario

Generally, WiFi service vendor who offers WiFi to the hotel won’t support the proxying adverts or JavaScript injection.

But when we are staying in a hotel, we are often getting ads in our devices when we connect via captive ports because WiFi vendors offer a discounted price to the hotel for the Wi-Fi operation and prompt them to allows midstream ads to run before guests connect to generate extra revenue from 3 rd parties.

But the hotel operators doesn’t know that potential hacker groups such as MG5 could be taking advantage of a massive number of captive users and infect the Ads, JavaScript injections and ultimately steal financial data but the users will never find how they lost their information or money.

Attackers also can steal the payment data when users browser using Wi-Fi connection from the compromised computer and also inject malicious ads.

” Having access to a large number of captive users with very high turnover — such as in the case of airports and hotels — is a lucrative concept for attackers looking to compromise payment data.” Researched said.

You can read here the about How To Secure Wi-Fi Networks Effectively From Hackers – A Complete Guide.

You can follow us on LinkedinTwitterFacebook for daily Cybersecurity and hacking news updates.

Also Read: 10 Best WiFi Hacking Apps for Android – 2019 Edition

Balaji
Balaji
BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.

Latest articles

Kali Linux 2025.2 Released: New Tools, Smartwatch and Car Hacking Added

Kali Linux, the preferred distribution for security professionals, has launched its second major release...

Arsen Launches AI-Powered Vishing Simulation to Help Organizations Combat Voice Phishing at Scale

Arsen, the cybersecurity startup known for defending organizations against social engineering threats, has announced...

NIST Releases New Guide – 19 Strategies for Building Zero Trust Architectures

The National Institute of Standards and Technology (NIST) has released groundbreaking guidance to help...

Spring Framework Flaw Enables Remote File Disclosure via “Content‑Disposition” Header

A medium-severity reflected file download (RFD) vulnerability (CVE-2025-41234) in VMware's Spring Framework has been...

Credential Abuse: 15-Min Attack Simulation

Credential Abuse Unmasked

Credential abuse is #1 attack vector in web and API breaches today (Verizon DBIR 2025). Join our live, 15-min attack simulation with Karthik Krishnamoorthy (CTO - Indusface) and Phani Deepak Akella (VP of Marketing - Indusface) to see hackers move from first probe to full account takeover.

Discussion points


Username & email enumeration – how a stray status-code reveals valid accounts.
Password spraying – low-and-slow guesses that evade basic lockouts.
Credential stuffing – lightning-fast reuse of breach combos at scale.
MFA / session-token bypass – sliding past second factors with stolen cookies.

More like this

Fog Ransomware Uses Pentesting Tools to Steal Data and Launch Attacks

Fog ransomware incidents in recent years have exposed a dangerous new trend in cybercrime:...

JSFireTruck Obfuscation Helps Cybercriminals Hijack Trusted Sites with Malicious JavaScript

A sophisticated and extensive cyber attack campaign has been uncovered, in which threat actors...

Don’t Click “Unsubscribe” links blindly It May Leads to Loss of Credentials

Imagine your inbox is overflowing with promotional emails—some from familiar companies, others less so....