
Foregenix Blog

Benjamin Hosack

Magento Malicious JavaScript in Action

web security, Magento, malware, JavaScript

08/11/16 14:48

Magento websites have been under attack from a new family of malicious JavaScript malware. Our forensic team has been working with many hacked websites to help them regain control of their online businesses and to limit losses.

Here is a recording made this morning of a demo transaction on a live website, with the browser's developer tools showing the website's background activity.

Here's the breakdown of the actions our "buyer" made:

Live website on the left, developer tools view on the right showing website background activity.

0:04 - Buyer enters name, credit card number, expiry date and CVV number.

0:14 - Buyer checks the order and, at the same time, network activity shows customer data being captured and sent directly out to the attacker via email (partially obfuscated to protect the identity of the hacked website).

0:19 - Buyer's credit card number harvested, along with name and address.

0:24 - Buyer's CVV number is harvested.

The buyer's personal data and payment card data is STOLEN before the buyer clicks "Order and Pay Duty".

And that's it - simple and highly effective theft.

This is affecting MANY Magento websites - is yours affected?
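
To check a checkout page for the behaviour shown in the recording, the following added example (not Foregenix code) scans a HAR file exported from the browser's developer tools for card numbers in any request other than the legitimate order submission. The host `shop.example`, the paths and the sample entries are constructed, and the allowlisted `saveOrder` URL is an assumption about which endpoint should receive card data.

```javascript
// Luhn check: true when the digit string passes the payment-card checksum.
function luhnValid(digits) {
  let sum = 0;
  for (let i = 0; i < digits.length; i++) {
    let d = Number(digits[digits.length - 1 - i]);
    if (i % 2 === 1) { d *= 2; if (d > 9) d -= 9; }
    sum += d;
  }
  return sum % 10 === 0;
}

// Find 13-19 digit runs (spaces or dashes allowed between digits) that pass Luhn.
function findCardNumbers(text) {
  const hits = [];
  for (const m of text.matchAll(/\d(?:[ -]?\d){12,18}/g)) {
    const digits = m[0].replace(/[ -]/g, "");
    if (luhnValid(digits)) hits.push(digits);
  }
  return hits;
}

// Return HAR entries with a card number in URL or body, skipping allowed endpoints.
function findCardLeaks(har, allowedPrefixes) {
  const leaks = [];
  for (const entry of har.log.entries) {
    const { url, method, postData } = entry.request;
    if (allowedPrefixes.some((p) => url.startsWith(p))) continue;
    let text = (url + "\n" + ((postData && postData.text) || "")).replace(/\+/g, " ");
    try { text = decodeURIComponent(text); } catch (e) { /* keep raw text */ }
    if (findCardNumbers(text).length > 0) {
      leaks.push({ time: entry.startedDateTime, method, url });
    }
  }
  return leaks;
}

// Constructed sample (not from the recording); 4111111111111111 is a test card number.
const sampleHar = { log: { entries: [
  { startedDateTime: "2016-11-08T09:00:04.000Z",
    request: { method: "GET", url: "https://shop.example/js/app.js?_=1478598254124" } },
  { startedDateTime: "2016-11-08T09:00:19.000Z",
    request: { method: "POST", url: "https://shop.example/media/collect.php",
      postData: { text: "name=Test+Buyer&cc=4111+1111+1111+1111&exp=12%2F19" } } },
  { startedDateTime: "2016-11-08T09:00:40.000Z",
    request: { method: "POST", url: "https://shop.example/checkout/onepage/saveOrder/",
      postData: { text: "payment%5Bcc_number%5D=4111111111111111" } } },
] } };
const ALLOWED = ["https://shop.example/checkout/onepage/saveOrder/"]; // assumed legitimate endpoint
console.log(findCardLeaks(sampleHar, ALLOWED));
```

The allowlist is by URL prefix rather than by host, so a request to an unexpected path on the shop's own domain is still reported. A payload that is encoded before sending (for example base64) will not match; this check covers plaintext and URL-encoded data only.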
