Thursday, September 20, 2018

A dangerous Hackers group succeeds in penetrating the Newegg store and stealing millions of bank cards for customers

A dangerous Hackers group succeeds in penetrating the Newegg store and stealing millions of bank cards for customers

Newegg, one of America's largest online stores, was hacked by a group of hackers known as fraudsters who sneaked into the website and stole credit card details for all customers who entered their payment card information from August 14 to 18 September 2018, according to a joint analysis by Volexity and RiskIQ. These hackers managed to sneak into the site by using what the researchers called the digital credit card skimmer. They inserted a few lines of malicious code on the exit page of Which contains payment information for customers who purchase on the site and then send it to a remote server.

This group, known as Magecart, is known to have been active since at least 2015, planning the operation by opening a website and registering a domain name And received a site protection certificate and one day later, the group inserted a code into the targeted website on the Payment Processing page, so that it would not enter into force unless the payment page was reached.
So when customers add a product to their shopping cart, they enter their delivery information during the first step of checking out and verify their addresses, and the website takes them to the payment processing page to enter their credit card information. Once the customer clicks the Submit button after entering his credit card information, the code immediately sends a copy of that information to the attacker's domain, which sends the bank card information directly to the site created by the hackers and without interrupting the checkout process.
This penetration could affect millions of Newegg customers, whether they used the computer and the phone, although it is still unclear how many customers have already been hacked for breach of credit card information. However, the site's figures indicate that more than 50 million shoppers visit the online store each month and that the malicious code has been in place for more than a month. It can be assumed that the new card-clearing campaign by piracy has stolen payment information for millions of Newegg customers, If only a fraction of these visitors are buying from the store.

No comments:

Post a Comment