0 Replies - 502 Views - Last Post: 19 September 2018 - 08:44 AM

#1 modi123_1   User is online

  • Suitor #2
  • member icon



Reputation: 15359
  • View blog
  • Posts: 61,588
  • Joined: 12-June 08

Magecart payment skimming now hits Newegg

Posted 19 September 2018 - 08:44 AM

Bought anything off Newegg since August 13 of this year? Check your accounts!


Quote

Researchers from RiskIQ, together with Volexity, revealed that California-based retailer Newegg is the latest well-known merchant to succumb to the threat actors.

On Wednesday, the security firm said in a blog post that a payment skimming scheme has been in operation since August 13.
[...]
The skimmer code was in operation for at least a month and was not removed until September 18th.

https://www.zdnet.co...ant-data-theft/

More on how:

Quote

After a customer selected a product on the platform and put the item in their online shopping cart, the first step of the checkout process began, which was the validation of a physical address. The customer was then sent to a new page to begin the financial aspect of the purchase.

It was on this page that the malicious code set to work, whether or not a customer accessed Newegg through a desktop PC or mobile device.


Interesting - here is the JS code.
Posted Image

This same attack was done with British Airways a month or so back too.

More info: https://www.riskiq.c...agecart-newegg/

Is This A Good Question/Topic? 1
  • +

Page 1 of 1