Malware Steals Account Credentials

Description

A malicious script targeting e-commerce sites, particularly Magento, has been discovered. The script, found in the dataPost.js file, is heavily obfuscated and designed to steal customer account credentials and admin login details. It waits for login actions to trigger, then scrapes data entered into the form. The stolen information is sent to a domain mimicking legitimate jQuery repositories. This malware appears tailored for specific site designs, potentially allowing attackers to make site changes or install malicious modules. To protect against such attacks, regular password updates, software updates, principle of least privilege for admin accounts, and IP restrictions for admin logins are recommended.