Magecart Strikes Again: Newegg In The Crosshairs (Sep 19, 2018)

E-commerce company Newegg is the latest victim of a credit card-skimming campaign by the threat group Magecart. Between late August and early September 2018, Magecart stole credit card data from British Airways and Feedify, and appears to have used the same malicious JavaScript code to compromise the Newegg checkout page and obtain card credentials. This particular breach occurred between August 13, 2018 and September 18, 2018. The data theft campaigns against Newegg and British Airways appear to have occurred around the same time, with the Newegg campaign starting a week earlier than the British Airways campaign. The malicious JavaScript code was injected into the “Billing Information” page of the company’s online store; it sent the credentials entered there to a domain controlled by the threat group, where they were subsequently stored.

Recommendation: E-commerce site owners must take every step necessary to secure their data and safeguard payment card information. A bad experience at a retailer's site may mean lost revenue as impacted users take their money elsewhere. Actors can potentially use the stolen information to coerce more personal data from the victim. Users should monitor their credit statements to make sure that nothing out of the ordinary is happening and that no identity fraud is being committed.
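One check a site owner can run against the served billing page is sketched below as an added example (not code from the incident or from Newegg): it lists every script reference whose host is outside an allowlist, which is where an injected skimmer's destination domain would surface. The function names, hostnames and sample HTML are assumptions constructed for illustration.

```javascript
// Added example. Hostnames and SAMPLE_HTML are constructed, not from the incident.
const SCRIPT_TAG = /<script\b([^>]*)>([\s\S]*?)<\/script\s*>/gi;
const SRC_ATTR = /\bsrc\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s>]+))/i;
const URL_LITERAL = /(?:https?:)?\/\/[a-z0-9.-]+\.[a-z]{2,}(?::\d+)?[^\s"'`)<]*/gi;

// Resolve a reference against the page URL; null if it cannot be parsed.
function hostOf(ref, pageUrl) {
  try {
    return new URL(ref, pageUrl).hostname.toLowerCase();
  } catch {
    return null;
  }
}

// A host is allowed if it equals an allowlisted name or is a subdomain of one.
function isAllowed(host, allowedHosts) {
  return host !== null && allowedHosts.some((a) => host === a || host.endsWith("." + a));
}

// Return one finding per script reference that leaves the allowlist.
function auditCheckoutScripts(html, pageUrl, allowedHosts) {
  const findings = [];
  for (const [, attrs, body] of html.matchAll(SCRIPT_TAG)) {
    const src = SRC_ATTR.exec(attrs);
    if (src) {
      const ref = src[1] ?? src[2] ?? src[3];
      const host = hostOf(ref, pageUrl);
      if (!isAllowed(host, allowedHosts)) findings.push({ kind: "external-script", host, ref });
      continue;
    }
    // Inline script: look for absolute or protocol-relative URLs in the code.
    for (const [ref] of body.matchAll(URL_LITERAL)) {
      const host = hostOf(ref, pageUrl);
      if (!isAllowed(host, allowedHosts)) findings.push({ kind: "inline-endpoint", host, ref });
    }
  }
  return findings;
}

const SAMPLE_HTML = `
<form id="billing"><input name="card-number"></form>
<script src="/static/checkout.js"></script>
<script src="https://cdn.shop.example/vendor/validate.js"></script>
<script src="https://stats-collect.example/lib.js"></script>
<script>var endpoint = "https://pay-form.example/collect";</script>`;

const findings = auditCheckoutScripts(
  SAMPLE_HTML, "https://www.shop.example/checkout/billing", ["shop.example"]);
console.log(findings);
```

The scan is regex-based and only sees what is in the served HTML, so it does not inspect the contents of script files loaded from allowlisted hosts; those need their own integrity monitoring.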

Indicators of Compromise (IOCs) associated with this story can be viewed by ThreatStream users here to identify potential malicious activity.