Previously known for the British Airways and Ticketmaster breach, the Magecart group has now moved on to the hardware and electronic space, infiltrating Newegg. Any customer using the site and providing valid credit information between August 14th and September 18th are at risk. Although there is not an exact number, Newegg receives 50 million visitors per month. A remote server and a few lines of malicious JavaScript code of about 15 lines are all it took for Magecart to pull this off. They registered a domain called neweggstats(dot)com on August 13, almost identical to the original domain, and they even were able to acquire an SSL certificate. The code was then implemented into the Newegg website. This feature would only work if the customer clicked on the payment page, which helped it go undetected. Newegg customers are advised to contact their financial institute, cancel cards, and change passwords. Based off the activity that we have been seeing from the group over recent weeks, it is possible that we will see more attacks from this group over the coming months.
