Credit Card Skimmer Malware Targeting Magento Checkout Pages

Summary:
A recent investigation revealed a malicious JavaScript injection targeting Magento websites, specifically during the checkout process. This malware creates fake credit card forms or extracts payment fields, leading to the theft of sensitive customer data. The stolen information is then encrypted and sent to a remote server.

#MagentoMalware #EcommerceSecurity #DataExfiltration

Keypoints:

  • Magento websites are frequently targeted due to their popularity in eCommerce.
  • The malware dynamically creates fake credit card forms or extracts payment fields.
  • Activation occurs specifically on checkout pages.
  • Stolen data is encrypted before being exfiltrated to a remote server.
  • The malware was discovered by Weston Henry of the investigative team.

MITRE Techniques:

  • Data Encrypted for Impact (T1486): Encrypts stolen data to prevent detection and facilitate exfiltration.
  • Exfiltration Over Command and Control Channel (T1041): Uses established communication channels to send stolen data to remote servers.

IoC:

  No IoC Found

Magento websites are a frequent target for cybercriminals due to their widespread usage in eCommerce and the valuable customer data they handle. During a routine investigation, we discovered a malicious JavaScript injection targeting Magento websites. This malware dynamically creates a fake credit card form or, depending on the variant, extracts payment fields directly, and it activates only on checkout pages. The stolen data is then encrypted and exfiltrated to a remote server.

Overview of the infection:

Initially discovered by Weston Henry, a colleague on our team, the malware is designed to target Magento-powered eCommerce websites, specifically their checkout processes.
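
A defender-side way to triage scripts captured from a checkout page for the behaviour described above (checkout-only activation, payment-field access or fake form creation, encoding, outbound send). This is an added example, not code from the Sucuri research; the regex patterns, the `triageScripts` helper, the `payments.example` origin and the sample fragments are assumptions constructed for illustration.

```javascript
// Added example: static triage of scripts captured from a checkout page.
// The patterns are assumptions modelled on the behaviours the write-up
// describes; they are not indicators taken from the real sample.
const SIGNALS = {
  checkoutGate: /(location|document\.URL)[^;{]{0,60}checkout/i,
  paymentField: /cc[_-]?(number|cid|exp)|card[_-]?number|cvv|cvc/i,
  fakeForm: /createElement\(\s*['"](input|form)['"]/i,
  encoding: /\bbtoa\(|crypto\.subtle\.encrypt|CryptoJS/,
  outbound: /\b(fetch|sendBeacon|XMLHttpRequest)\b|new\s+Image\b/,
};

// scripts: [{ origin: string|null (null = inline script), source: string }]
// trustedOrigins: origins the store expects to handle card data (hypothetical list).
function triageScripts(scripts, trustedOrigins) {
  return scripts.map(({ origin, source }) => {
    const hits = Object.keys(SIGNALS).filter((k) => SIGNALS[k].test(source));
    const has = (k) => hits.includes(k);
    // Checkout-gated code that touches card input and sends data somewhere.
    const skimmerShape =
      has('checkoutGate') && (has('paymentField') || has('fakeForm')) && has('outbound');
    const trusted = origin !== null && trustedOrigins.includes(origin);
    return { origin, hits, flagged: skimmerShape && !trusted };
  });
}

// Constructed, non-functional fragments for demonstration only.
const SAMPLE_SCRIPTS = [
  { origin: null, source: "require(['jquery'], function ($) { $('.minicart').show(); });" },
  { origin: 'https://payments.example', source:
    "if (location.pathname.includes('checkout')) { mount('card_number'); fetch('/token'); }" },
  { origin: null, source:
    "if(location.href.indexOf('checkout')>0){var f=document.createElement('input');" +
    "/* read fields */ navigator.sendBeacon(dst, btoa(buf));}" },
];

const report = triageScripts(SAMPLE_SCRIPTS, ['https://payments.example']);
report.forEach((r) => console.log(r.origin ?? 'inline', r.hits.join(','), r.flagged));
```

A match is a lead for manual review, not a verdict: legitimate payment integrations share this shape, which is why the trusted-origin list is part of the check.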


Full Research: https://blog.sucuri.net/2024/11/credit-card-skimmer-malware-targeting-magento-checkout-pages.html