The infamous hacking group known as Magecart, the one behind the Ticketmaster and British Airways hacks, has now attacked PC equipment and electronic equipment retailer Newegg.

The Magecart group figured out how to penetrate the Newegg site and take the Visa credit card entries of all clients who entered their card data info between August 14 and September 18, 2018, as indicated by a joint investigation by Volexity and RiskIQ.

Therefore, the Magecart hackers utilised what experts call “a computerized Mastercard skimmer” wherein they embed a couple of lines of JavaScript code. This was injected into the checkout page of Newegg that stored data of clients who were buying equipment. Afterwards, Magecart managed to send it to a remote location.

Active since 2015, the Magecart hackers registered domain called neweggstats(dot)com on August 13, like Newegg’s authentic space, and procured a SSL certificate issued for the domain by Comodo for their site.

Couple of days later, the gathering of data with usage of the skimmer code in the Newegg site at the payment page was executed with the goal that the process wont start unless the checkout page was hit. Along these lines, when clients include an item in their shopping basket, enter their data during the initial step of the registration, and approve their location, the site takes them to the payment processing page to enter their card information.

As soon as the buyer hits the submit button after entering their credit card info, the skimmer code sends a copy of that data to the neweggstats(dot)com without compromising the checkout process.
“The skimmer code [used in the Newegg breach] is recognizable from the British Airways incident, with the same basecode,” researchers concluded.
According to Volexity: “All the attackers changed is the name of the form it needs to serialize to obtain payment information and the server to send it to, this time themed with Newegg instead of British Airways.”

To conclude, these attacks certainly showed how few simple lines of JavaScript can compromise eCommerce site and lead to a huge amount of personal data being stolen. Since these attacks are based on minimal knowledge required, it is obvious that the same will increase over time.

Article Categories:
Data Breaches
Security Land

Security Land is not just an website - it's a collective intelligence of cybersecurity enthusiasts, experts, and analysts.

    Leave a Reply