Magento Skimmers: From Atob to Alibaba

Last year we saw a fairly massive Magento malware campaign that injected credit card stealing code similar to this:

It uses the JavaScript atob function to decode base64-encoded domain names and URL patterns. In the sample above, it’s hxxps://livegetpay[.]com/pay.js?v=2.2.9 and “onepage”, respectively.

The campaign used a variety of different domain names and targeted all sorts of payment processing systems, which is well described in the Group IB’s report.

Continue reading Magento Skimmers: From Atob to Alibaba at Sucuri Blog.

Story added 7. August 2019, content source with full text you can find at link above.

Comments are closed.

More antivirus and malware news?

Apple reportedly offering WWDC tickets to select developers after quick sell-out
Known Issue: Duo Authentication on Mac Platforms
Disaster recovery: How is your business set up to survive an outage?
Chrome for Windows Gets Hardware-enforced Exploitation Protection
Microsoft Windows Storage Service CVE-2019-0998 Local Privilege Escalation Vulnerability
Some Androids don’t call 911 when you tell them to call an ambulance
North Korea Rocket Launch Used As Backdoor Lure
Researchers Find Exploitable Bugs in Mercedes-Benz Cars
Are You Getting Buried by the Endpoint Security Snowball Effect?
Apple Patches ‘Actively Exploited’ iOS Security Flaw

Magento Skimmers: From Atob to Alibaba

More antivirus and malware news?

Ads

Security news

Malware

Security

IT security

About site

Search Terms Tips

Recent New Tips

Recent Posts