A recent investigation revealed a malicious JavaScript injection targeting Magento websites, specifically during the checkout process. This malware creates fake credit card forms or extracts payment fields, leading to the theft of sensitive customer data. The stolen information is then encrypted and sent to a remote server.
Magento websites are a frequent target for cybercriminals due to their widespread usage in eCommerce and the valuable customer data they handle. During a routine investigation, we discovered a malicious JavaScript injection targeting Magento websites. Depending on the variant, this malware either dynamically creates a fake credit card form or extracts the payment fields directly, and it activates only on checkout pages. The stolen data is then encrypted and exfiltrated to a remote server.
Overview of the infection:
Initially discovered by Weston Henry, a colleague on our team, the malware is designed to target Magento-powered eCommerce websites, specifically their checkout processes.
Full Research: https://blog.sucuri.net/2024/11/credit-card-skimmer-malware-targeting-magento-checkout-pages.html