Stylish Magento Card Stealer loads Without Script Tags

Recently one of our analysts, Weston H., found a very interesting credit card stealer in a Magento environment that loads malicious JavaScript without using any script tags. In this post I will go over how it was found, how to decode it and how it works!

One of our clients was reporting that one of their website visitors was receiving a warning from their antivirus program when navigating to their checkout page:

Calls were being made to a known malicious domain that was already blacklisted by multiple vendors for distributing malware and involvement in carding attacks:

This certainly indicated that a card stealer was present somewhere on our client’s website.

Continue reading Stylish Magento Card Stealer loads Without Script Tags at Sucuri Blog.
