
The Magecart Cybercrime Group Is Threatening E-Commerce Websites Worldwide

Introduction

In recent weeks, the Magecart cybercrime group has conducted a number of successful attacks against e-commerce websites worldwide. The group specializes in compromising e-commerce websites to steal the payment details of visitors who make purchases online. It has been active since at least 2015 and has recently hacked several websites, including Ticketmaster and British Airways.

The Magecart hackers compromise websites by injecting a skimmer script into the pages involved in the payment process. Let’s analyze the attacks to better understand how this threat actor works.

| Date | Victim |
| --- | --- |
| August – September 2018 | Newegg |
| August – September 2018 | Feedify |
| August 2018 | British Airways |
| June 2018 | Ticketmaster |
| October 2018 | Cancer Research UK |

Newegg

In September 2018, security experts observed an intensification of the activity associated with the Magecart cybercrime group. One of their victims was the computer hardware and consumer electronics retailer Newegg: The group stole customers’ credit card data from its website. Researchers from the security firms Volexity and RiskIQ have conducted a joint investigation into the security breach.

“Volexity was able to verify the presence of malicious JavaScript code limited to a page on secure.newegg.com presented during the checkout process at Newegg. The malicious code specifically appeared once when moving to the Billing Information page while checking out,” reported Volexity.

“This page, located at the URL https://secure.newegg.com/GlobalShopping/CheckoutStep2.aspx, would collect form data, siphoning it back to the attackers over SSL/TLS via the domain neweggstats.com.”

The Magecart group managed to compromise the Newegg website and steal the credit card details of all customers who made purchases between August 14th and September 18th, 2018.
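From the defender's side, the behaviour Volexity describes (a checkout page sending form data to neweggstats.com) shows up as a request to a host outside the site's approved set. The following JavaScript is an added example, not code from Volexity, RiskIQ or the article: it audits requests recorded while loading a checkout page and rates lookalike hosts highest. The allowlist entry, the sample records and the request paths on non-Newegg hosts are constructed assumptions.

```javascript
// Audit requests recorded on a checkout page (added example, not from the article).
// FIRST_PARTY is the site named in the article; the allowlist is an assumption.
const FIRST_PARTY = "newegg.com";
const ALLOWED_THIRD_PARTY = new Set(["payments.example"]); // hypothetical processor

// True when host is the registered domain itself or one of its subdomains.
function isSubdomainOf(host, domain) {
  return host === domain || host.endsWith("." + domain);
}

// A lookalike embeds the brand label but is not under the brand's domain.
function isLookalike(host, domain) {
  const brand = domain.split(".")[0];
  return !isSubdomainOf(host, domain) && host.replace(/[^a-z0-9]/g, "").includes(brand);
}

// Returns one finding per request that leaves the approved set of hosts.
function auditCheckoutRequests(records) {
  const findings = [];
  for (const r of records) {
    let host;
    try {
      host = new URL(r.url).hostname.toLowerCase();
    } catch {
      findings.push({ url: r.url, reason: "unparseable-url", severity: "medium" });
      continue;
    }
    if (isSubdomainOf(host, FIRST_PARTY) || ALLOWED_THIRD_PARTY.has(host)) continue;
    const lookalike = isLookalike(host, FIRST_PARTY);
    const sendsData = r.method === "POST"; // form data leaving the page
    findings.push({
      host,
      reason: lookalike ? "lookalike-domain" : "unapproved-host",
      severity: lookalike || sendsData ? "high" : "medium",
    });
  }
  return findings;
}

// Constructed records, shaped like a browser network log for the billing step.
const SAMPLE = [
  { method: "GET", url: "https://secure.newegg.com/GlobalShopping/CheckoutStep2.aspx" },
  { method: "POST", url: "https://payments.example/authorize" },
  { method: "POST", url: "https://neweggstats.com/collect" }, // path is made up
  { method: "GET", url: "https://cdn.unknown.example/lib.js" },
  { method: "GET", url: "https://newegg.com.evil.example/x.js" }, // prefix trick
];
console.log(auditCheckoutRequests(SAMPLE));
```

The suffix match in `isSubdomainOf` matters: a substring check for "newegg.com" would accept both neweggstats.com-style names and hosts that merely start with the brand's domain.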

“On August 13th Magecart operators registered a domain called neweggstats.com with the intent of blending in with Newegg’s primary domain, newegg.com. Registered through Namecheap, the malicious domain initially pointed to a standard parking host,” reads (Read more...)

*** This is a Security Bloggers Network syndicated blog from InfoSec Resources authored by Chris Sienko. Read the original post at: http://feedproxy.google.com/~r/infosecResources/~3/q7b-h9HeDM0/