Website Security News
Keep up to date on the latest Magento infections and mitigation steps to keep your Magento shop secure. Browse our latest posts about Magento security, including the latest vulnerability disclosures, credit card swipers, and PCI compliance.
Recently one of our analysts, Weston H., found a very interesting credit card stealer in a Magento environment which loads a malicious JavaScript without using any script tags. In this post I will go over how it was found, how to decode it and how…
Read More about Stylish Magento Card Stealer loads Without Script Tags
MageCart is the name given to the roughly one dozen groups of cyber criminals targeting e-commerce websites with the goal of stealing credit card numbers and selling them on the…
Read More about Magecart Swiper Uses Unorthodox Concatenation
In my previous post about ecommerce credit card swipers I described the general overview of the online ecommerce environment as well as some of the reasons behind why websites become…
Read More about Online Credit Card Theft – A Brief Overview of Online Fraud and Abuse – Part 2
When it comes to the ABCs of website security server side scans and file integrity monitoring are the “A” and “B”. In fact, our server side scanner is one of…
Read More about Server Side Scans and File Integrity Monitoring
Bad actors often leverage creative techniques to conceal malicious behaviour and harvest sensitive information from ecommerce websites. A recent investigation for a compromised Magento 2 website revealed a malicious injection…
Read More about Magento 2 PHP Credit Card Skimmer Saves to JPG
A client recently reported their customers were receiving antivirus warnings when trying to access and purchase products from a Magento ecommerce website. This is almost always a telltale sign that…
Read More about Bogus CSS Injection Leads to Stolen Credit Card Details
During a routine investigation, we found yet another web skimmer that pretends to be related to Sucuri. One of our Remediation Analysts, Liam Smith, found the following code injected into…
Read More about Another Credit Card Stealer That Pretends to Be Sucuri
Shopping season is here, and so is the opportunity for ecommerce site owners to grow their business and generate revenue. In lieu of the changing global ecommerce climate that this…
During a recent investigation, a Magento admin login phishing page was found on a compromised website using the file name wp-order.php. This is an odd file name choice for a…
Read More about Magento Phishing Leverages JavaScript For Exfiltration
A large majority of the malware we find on compromised websites are backdoors that allow an attacker to maintain unauthorized access to the site and execute whatever commands they want….
Read More about Backdoor Shell Dropper Deploys CMS-Specific Malware
Our team recently came across a malicious script used on a Magento website titled gstaticapi, which targeted checkout processes to capture and exfiltrate stolen information. To obtain sensitive details, the…
Read More about Magento Credit Card Stealing Malware: gstaticapi
