The Magecart card skimmer ran for more than a month

Sep 19, 2018 14:58 GMT  ·  By

Magecart, the hacking group behind the British Airways hack, managed to infiltrate the website of online US retailer Newegg and steal credit card information using a skimmer, as reported in a joint analysis from Volexity and RiskIQ.

The last time Magecart was in the news, it was as the threat group that designed and carried out the breach of the British Airways website and mobile application, and left the scene with a bounty of sensitive data from 380,000 victims.

This time, the group hacked into Newegg's website and ran a credit card skimming operation from August 14 until September 18, affecting all customers who entered their payment data, so the damage inflicted is probably of an entirely different magnitude.

Considering that Newegg has more than 40 million shoppers visiting its website every month, it is safe to assume that Magecart's newest card skimming campaign has probably collected the credit card information of millions of paying customers.

The credit card skimming script ran for over a month, probably affecting most if not all Newegg patrons

After using a JavaScript snippet of only 22 lines of code to steal payment data from British Airways' clients, Magecart managed to improve: this time, the new card skimmer script is only 8 lines of code.

The malicious script was added into a page which was part of the Newegg checkout process, located at https://secure.newegg.com/GlobalShopping/CheckoutStep2.aspx on the secure.newegg.com domain.

After the clients entered their payment data, the embedded skimmer script would collect it and send it over an SSL/TLS encrypted connection to the neweggstats.com domain controlled by the Magecart actors.

The initial infection time is not known precisely, but the domain used to collect the stolen credit card info was registered on August 13, via Namecheap, while the malicious script was detected and removed from Newegg's checkout website on September 18.
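Because the skimmer sent data to neweggstats.com rather than to a Newegg-owned host, auditing where the checkout page sends requests would surface it. The following is an added example, not code from Newegg, Volexity or RiskIQ: the allowlist, the function names and every sample URL except the checkout page and the neweggstats.com domain are constructed assumptions.

```javascript
// Added example: flag request destinations seen on a checkout page that are
// outside the site's own domains, and mark brand lookalikes separately.
// Assumption: the request URLs come from a browser network log or similar.

const ALLOWED_SUFFIXES = ["newegg.com"]; // assumed allowlist for this example
const BRAND = "newegg";                  // brand string used to spot lookalikes

// True when host is the registered domain itself or a subdomain of it.
// "notnewegg.com" and "newegg.com.evil.example" both fail this check.
function matchesSuffix(host, suffix) {
  return host === suffix || host.endsWith("." + suffix);
}

// Returns one finding per request whose host is not on the allowlist.
function auditRequests(pageUrl, requestUrls) {
  const findings = [];
  for (const raw of requestUrls) {
    let host;
    try {
      // Relative URLs resolve against the page, so they stay first-party.
      host = new URL(raw, pageUrl).hostname.toLowerCase();
    } catch {
      findings.push({ url: raw, host: null, verdict: "unparseable" });
      continue;
    }
    if (ALLOWED_SUFFIXES.some((s) => matchesSuffix(host, s))) continue;
    // A foreign host that embeds the brand name deserves a louder alert.
    const verdict = host.includes(BRAND) ? "lookalike" : "unexpected";
    findings.push({ url: raw, host, verdict });
  }
  return findings;
}

const CHECKOUT_PAGE =
  "https://secure.newegg.com/GlobalShopping/CheckoutStep2.aspx";

// Constructed sample of observed requests (not captured traffic).
const OBSERVED = [
  "/static/checkout.js",              // constructed first-party path
  "https://cdn.newegg.com/theme.css", // constructed first-party subdomain
  "https://neweggstats.com/",         // collection domain named in the article
  "https://analytics.example/tag.js", // constructed unrelated third party
];

console.log(auditRequests(CHECKOUT_PAGE, OBSERVED));
```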
