A well-known foreign shopping site, NewEgg Network, was found to have been hacked and added malicious code on the webpage to guide users to hacked phishing websites.
This situation has been going on for several months until it was discovered by the security company a few days ago. The credit card number and security code that the user filled in at the time of checkout have been leaked.
Behind this attack is a very active hacker group MAGECART, which had previously stolen data from 400,000 British Airways users.
Phishing sites using regular digital certificates:
The reason why this hacking group can capture British airlines, ticketing websites and NewEgg Network in a short period is mainly careful.
For example, in this NewEgg network attack, the hacker group only embeds malicious code on the payment page, and only when the user prepares to settle the payment, the critical data will be revealed.
Secondly, the phishing website domain name is based on the official website name of the NewEgg net and applies for the formal digital certificate of Comodo. The user can hardly notice the phishing website.
Of course, the ability to successfully invade the NewEgg network tampering page also reflects the strength of the group, but despite the successful invasion, the hacker target only user credit card data.
Credit card security that may affect millions of users:
Since the NewEgg payment page has been hacked and hanged for several months, the NewEgg net has an average of more than 50 million visits per month.
Even if not all users end up buying orders, it also affects a large number of users, and security companies are conservatively expected to have involved millions of users.
At present, the official website of NewEgg Network has sent emails and other notices to users to remind users of the problem of card transactions, but more specific cases are still under investigation.