Magecart strikes again, this time at electronics retailer Newegg

(Getty Images)


Written by

Code has been discovered siphoning credit card numbers from consumer technology retail website Newegg, according to security researchers from two cybersecurity companies.

In reports published Wednesday by RiskIQ and Volexity, researchers discovered instances of code liked to the operators of Magecart, a group that has been behind a slew of recent, high-profile credit card number breaches.

Thieves have been siphoning credit card data since Aug. 14, when a piece of Javascript was inserted into Newegg’s payment sites. That code pulled credit card numbers and sent them to a site with a similar URL — neweggstats[.]com. According to Volexity, the code wasn’t removed from the Newegg payment site until Tuesday.

Newegg is an extremely popular retailer, ranking 161 on Alexa’s list of top websites in the U.S. According to SimilarWeb, the site receives 50 million visitors a month.

“Over an entire month of skimming, we can assume this attack claimed a massive number of victims,” a blog from RiskIQ read.

Magecart has been behind a number of recent breaches, including ones targeting British Airways’ website and mobile app and a third-party customer service chat application used on Ticketmaster’s UK website.

Volexity writes that the Newegg attack shows that Magecart is refining its practices, getting better at ways to leverage faults in Javascript to hide and carry out crimes.

“This type of refinement is sure to continue as new organizations are targeted,” a blog post from Volexity’s research team reads. “While Magecart may be a major threat which eCommerce companies need to protect against, the larger issue is the increasing use of JavaScript-based data theft frameworks. … With minimal setup or knowledge required, these attacks will surely increase as time goes on.”

Newegg did not respond for comment.

-In this Story-

credit cards, Javascript, Magecart, newegg, retail, RiskIQ, security research, Volexity