[ad_1]
NewEgg, the famous hardware and electronics retailer, was apparently hit by the same attackers who stole payment data and were targeting TicketMaster UK and British Airways. The attackers, referred to by the researchers as Magecart, were able to inject 15 lines of JavaScript code into NewEgg's online store that was transmitting credit card and other data to a server with a domain name that was part of NewEgg Web infrastructure. It seems that all last month's web transactions have been affected by the violation.
The details of the breach were reported by the RiskIQ security research companies (who revealed the code behind the British Airways attack) and Volexity Threat Research today. The attack was stopped by NewEgg on Sept. 18, but it appears to have actively diverted payment data since August 16, according to reports from security researchers. Yonathan Klijnsma, head of research at RiskIQ, said the methods and code used were almost identical to those of British Airways, while the violation of Ticketmaster was due to a code injected by a third party provider. were the result of a compromise between the JavaScript libraries hosted by the companies themselves.
The domain used by the attack, neweggstats.com, was hosted on a server of the Dutch WorldStream hosting provider and had a certificate. The domain was registered via Namecheap on August 13, using a privacy protection company in Panama. The domain TLS certificate was purchased by Comodo the same day. The Comodo certificate was probably the most expensive part of the infrastructure of the attackers.
-
The malicious code injected into the NewEgg payment process.
-
The SSL certificate for the fraudulent NewEgg domain used by Magecart attackers.
As of August 16, the code on the NewEgg payment page, specifically "CheckoutStep2.aspx", the ASP.NET payment page provided by NewEgg's shopping cart system, included 15 lines of JavaScript code. the complete form on the remote server. "The initial event methods related to the btnCreditCard button allow all captured data to be sent to the destination specified by the attacker when a mouse button is released, and when the ################################################################################################### A touch screen was pressed and released "-The code allowed the attack to work on both computers and mobile devices.
The NewEgg attack is just one of the attacks of RiskIQ against Klijnsma. "Magecart attacks are on the rise," said Klijnsma, noting that "the automatic detection of Magecart violations by RiskIQ hits us almost every hour.
Ars tried to reach NewEgg for a comment but received no response. We will update this story if more details become available.
Source link
