archive

crimeware

  1. Magecart Strikes Again: Newegg in the Crosshairs

    Volexity has conducted the following research in collaboration with RiskIQ. We will discuss the same incident from different perspectives. RiskIQ’s report of this activity can be seen here. In another brazen attack against a major online retailer, the actors behind Magecart have struck the eCommerce operations of the popular computer hardware and electronics retailer Newegg. With this latest attack, newegg.com joins the ranks of high-profile eCommerce websites that have fallen victim to the financial theft group. Based on findings recently published by RiskIQ, Magecart was identified as being responsible for a recently publicized breach claiming upwards of 380,000 victims that had used the British Airways website or mobile application. As it turns out, a nearly identical data theft campaign was being carried out against Newegg at the same time. In fact, it appears the Newegg compromise may have started nearly a week earlier. Volexity was able to verify the presence of […]

  2. JS Sniffer: E-commerce Data Theft Made Easy

    In late 2017, Volexity began tracking a new e-commerce financial data theft framework named JS Sniffer. The framework gives attackers a quick and efficient way to steal data from compromised e-commerce websites. JS Sniffer is optimized to steal data from compromised websites running the Magento e-commerce platform. However, Volexity has observed the framework on e-commerce websites leveraging OpenCart, Dealer.com, Shopify, WordPress, and others as well. Volexity initially identified the framework following a highly targeted attack campaign against a website that facilitates online ticket sales for numerous events and venues. One of the websites affected by this breach was an online retailer selling tickets for New Year’s Eve events in a large metropolitan area. The website’s checkout page was modified to house malicious code designed to steal information entered, such as name, address, credit card data, and even login credentials. This was done through the use of embedded JavaScript, collecting user […]