Select Page

The notorious hacking group behind the Ticketmaster and British Airways data breaches has now victimised popular computer hardware and consumer electronics retailer Newegg.

Magecart hacking group managed to infiltrate the Newegg website and steal the credit card details of all customers who entered their payment card information between August 14 and September 18, 2018, according to a joint analysis from Volexity and RiskIQ.

Magecart hackers used what researchers called a digital credit card skimmer wherein they inserted a few lines of malicious Javascript code into the checkout page of Newegg website that captured payment information of customers making purchasing on the site and then send it to a remote server.

Active since at least 2015, the Magecart hacking group registered a domain called neweggstats(dot)com on August 13, similar to Newegg’s legitimate domain newegg.com, and acquired an SSL certificate issued for the domain by Comodo for their website.

A day later, the group inserted the skimmer code into the Newegg website at the payment processing page, so that it would not come into play until or unless the payment page was hit.

So, when customers add a product in their shopping cart, enter their delivery information during the first step of the check-out, and validate their address, the website takes them to the payment processing page to enter their credit card information.

As soon as the customer hit submit button after entering their credit card information, the skimmer code immediately sends a copy that data to the attacker’s domain, i.e., neweggstats(dot)com without interrupting the checkout process.

images from Hacker News