Foregenix Blog

Magento Malicious JavaScript in Action

Posted by Benjamin Hosack on 08/11/16 14:48

Magento websites have been under attack from a new malicious JavaScript family of malware - our forensic team has been working with many hacked websites to help them regain control of their online businesses and to limit losses.

Here is a recording made this morning of a demo transaction on a live website with the browser showing the background website activity in the browser. 

Here's the breakdown of what actions our "buyer" made:

Live website on the left, developer tools view on the right showing website background activity.

0:04 - Buyer enters name, credit card number, expiry date and CVV number.

0:14 - Buyer checks the order and at the same time, network activity shows customer data being captured and sent directly out to the attacker via email (partially obfuscated to protect identity of hacked website).

0:19 - Buyer's credit card number harvested, along with name and address.

0.24 - Buyer's CVV number is harvested.

The buyer's personal data and payment card data is STOLEN before the buyer clicks "Order and Pay Duty".

And that's it - simple and highly effective theft.

This is affecting MANY Magento websites - is yours affected?

Guided Website Threat Review

 

 

Topics: web security, Magento, malware, JavaScript