Newegg is a second home for many PC builders. Sadly being such a site makes it a a juice target for hackers on the net. Now per research from Volexity and RiskIQ shows that Newegg was attacked the organization known as Magecart.
Magecart has been call out for conducting attacks on Ticketmaster and British Airways.
RiskIQ explained in a blog post today why the reasoning behind targeting Newegg is so significant when it comes to understanding Magecart:
“The breach of Newegg shows the true extent of Magecart operators’ reach. These attacks are not confined to certain geolocations or specific industries—any organization that processes payments online is a target. The elements of the British Airways attacks were all present in the attack on Newegg: they integrated with the victim’s payment system and blended with the infrastructure, staying there as long as possible.”
The attack itself used malicious JavaScript on the “secure.newegg.com” domain to steal financial information during the checkout process. Volexity said in a blog post today that the script waits for a page to load, allows the victim to fill out their payment info and then allows the data “to be submitted to the attacker-specified destination when a mouse button is released” or “when a touch screen has been pressed and released.”
That compromised information was sent to a domain the attackers set up at “neweggstats.com” via SSL/TLS. Magecart registered the domain on August 13, and not long after, compromised Newegg’s website to place the skimmer code. The researchers said the malicious JavaScript was gone from Newegg’s checkout page on September 18, so the attackers were likely able to steal data from a full month’s worth of transactions.
Newegg has tweeted about the attack shortly after it was made public:
“Yesterday we learned one of our servers had been injected with malware which was identified and removed from our site. We’re conducting extensive research to determine exactly what info was obtained and are sending emails to customers potentially impacted. Please check your email.”
We hoping to get more details from Newegg soon.
