Online retailer Newegg is the latest victim of the actors behind Magecart, a financial theft group responsible for the recent breach of British Airways website and mobile application, involving about 380,000 victims.
Volexity researchers believe that the Newegg website may have been compromised and actively facilitating financial theft for over a month.
A key date in the Magecart attacks against Newegg come from the registration data of the neweggstats.com domain. The domain was registered on August 13, 2018 via Namecheap. This indicates the attackers had likely already compromised the Newegg website and were preparing to launch attacks, according to the researchers.
The malicious code was removed from the Newegg website on September 18, 2018. Volexity was able to confirm the code was no longer present during the checkout process and has not returned.