Magecart hacking group managed to infiltrate the Newegg website and steal the credit card details of all customers who entered their payment card information between August 14 and September 18, 2018, according to a joint analysis from Volexity and RiskIQ.
Active since at least 2015, the Magecart hacking group registered a domain called neweggstats(dot)com on August 13, similar to Newegg’s legitimate domain newegg.com, and acquired an SSL certificate issued for the domain by Comodo for their website.
A day later, the group inserted the skimmer code into the Newegg website at the payment processing page, so that it would not come into play until or unless the payment page was hit.
So, when customers add a product in their shopping cart, enter their delivery information during the first step of the check-out, and validate their address, the website takes them to the payment processing page to enter their credit card information.
As soon as the customer hit submit button after entering their credit card information, the skimmer code immediately sends a copy that data to the attacker’s domain, i.e., neweggstats(dot)com without interrupting the checkout process.
images from Hacker News