
Credit Card Skimmer Malware Targeting Magento Checkout Pages

Nov. 29, 2024, 1:34 p.m.

Description

A sophisticated credit card skimmer malware has been discovered targeting Magento-powered eCommerce websites, specifically their checkout processes. The malware dynamically creates a fake credit card form or extracts payment fields, activating only on checkout pages. It uses advanced obfuscation techniques to avoid detection and is present in both the filesystem and the database. The stolen data, including credit card information and customer details, is encrypted and exfiltrated to remote servers using a beaconing technique. The infection was initially detected through routine inspection, which revealed malicious scripts loaded from blacklisted domains. The malware's sophisticated approach and encryption mechanisms make it challenging to detect, emphasizing the need for regular security audits and robust protective measures for eCommerce platforms.

Date

Published: Nov. 27, 2024, 4:16 p.m.

Created: Nov. 27, 2024, 4:16 p.m.

Modified: Nov. 29, 2024, 1:34 p.m.

Attack Patterns

Credit Card Skimmer

Additional Information

Retail