A consumer makes online purchase from an e-commerce website. (Antara Photo/Aprillio Akbar)

Three Indonesians Arrested for Malware Attacks Targeting Online Stores


JANUARY 24, 2020

Jakarta. The Indonesian Police have arrested three people accused of using e-commerce data theft framework named JS Sniffer.

The suspects are indentified by their initials K., M.A. and A.N. Police alleged that they had used the JS Sniffer malware to steal customer data from compromised e-commerce websites, including credit card and personal data.

Senior Comr. Himawan Bayu Aji, an officer with the National Police’s cyber crime unit, said on Friday that the malware has infected 2,440 e-commerce websites globally, affecting more than 1.5 million users around the globe.

The three Indonesians are believed to be part of a global network who could illegally access websites in the U.K., South Africa, Australia, the Netherlands and Germany.


“They looked for vulnerability in these sites, then they created a fake gateway that consumers must go through during transactions,” Bayu said. 

“They have collected data of about 500 credit cards prior to the arrest and they used them for purchases. They have benefited between Rp 300 million [$22,100] and 400 million from the crime,” he said.

The suspects were able to collect credit card numbers, PayPal accounts, emails, home addresses, phone numbers as well as usernames and passwords used by unsuspected e-commerce users.

The arrest was made under the Night Fury Operation initiated by the Interpol through the Asean Cyber Capability Desk. Under the regional command, the Indonesian Police agreed to share information and evidence to other countries.

Bayu said his team would continue pursuing more suspects. 

For Indonesian e-commerce customers, he suggested three key steps to prevent them from becoming a target of malware attacks. 

First, to use the latest antivirus program; second, to use virtual private network, or VPN, while browsing the internet; and third, to immediately report to bank when noticing unrecognized transactions using his/her credit card or bank account.