
Credit Card Skimmer Malware Targeting Magento Checkout Pages

Published 27/11/2024 16:16 · Modified 29/11/2024 13:34

Essential information

Tags
2024-11-27, checkout pages, credit card skimmer, data exfiltration, ecommerce, encryption, javascript injection, magento, obfuscation
Related entities
1 malware, 1 others

Description

Sophisticated malware has been discovered targeting Magento-powered websites, specifically their checkout processes. The malware dynamically creates a fake credit card form or extracts payment fields, activating only on checkout pages. It uses advanced techniques to avoid detection and is present in both the filesystem and the database. The stolen data, including credit card information and customer details, is encrypted and exfiltrated to remote servers using a beaconing technique. The infection was initially detected through routine inspection, which revealed malicious scripts loaded from blacklisted domains. The malware's sophisticated approach and mechanisms make it challenging to detect, emphasizing the need for regular security audits and robust protective measures for e-commerce platforms.

External references