Magento Credit Card Stealer Disguised in an <img> Tag

Feb. 13, 2025, 10:12 a.m.

Description

A sophisticated credit card stealing malware, disguised within an <img> tag, was discovered on a Magento-based eCommerce website. The malware uses Base64 encoding to hide its malicious JavaScript code, making it difficult to detect. It activates on the checkout page, waiting for user interaction before collecting credit card information. The script creates a hidden form to capture card details and sends the data to a remote server. This technique allows the malware to avoid detection by security scanners and remain unnoticed by users. The article emphasizes the importance of keeping eCommerce platforms updated, using web application firewalls, enforcing strong passwords, and implementing additional security measures to protect against such attacks.

Date

  • Created: Feb. 13, 2025, 1:13 a.m.
  • Published: Feb. 13, 2025, 1:13 a.m.
  • Modified: Feb. 13, 2025, 10:12 a.m.

Attack Patterns

  • MageCart
  • T1102.003
  • T1056.003
  • T1592.002
  • T1185
  • T1189
  • T1059.007
  • T1055
  • T1140
  • T1027
  • T1059

Additional Information

  • Retail