Evasion Tactics in Hybrid Credit Card Skimmers
Denis Sinegubko The most common type of Magento credit card stealing malware is client-side JavaScript that grabs data entered in a checkout form and sends it to…
Browsing Category
Magento Security
94 posts
Vulnerabilities Digest: April 2020
John Castro Relevant Plugins and Vulnerabilities: Plugin Vulnerability Patched Version Installs Widget Settings Importer/Exporter Stored XSS Closed 40000 Accordion Stored/Reflected XSS 2.2.9 30000 Support Ticket System By…
Web Skimmer With a Domain Name Generator – Follow Up
This note is a follow up to our recent post about a web skimmer that uses a dynamic domain name generating algorithm. This week, analyst…
Magento JavaScript Skimmer Targets Tarjetas de Crédito
Luke Leal A website owner recently contacted us regarding a payment problem on their Magento website. A suspicious payment card form was loading for customers who were…
Web Skimmer with a Domain Name Generator
Our security analyst Moe Obaid recently found yet another variation of a web skimmer script injected into a Magento database. The malicious script loads the…
Magento Login Stealer in Fake bg_white.png Image
Our Remediation team analyst Ben Martin recently found a malicious injection in a compromised Magento 1.9.x installation that was stealing Magento user login credentials. The…
Magento Credit Card Stealer: harilov[.]com
Our Remediation team lead Ben Martin recently discovered a single line obfuscated PHP injection in the main index.php file of a Magento 1.9.x website. It…
Hacked Website Threat Report – 2019
Rianna MacLeod The threat landscape for website owners is constantly shifting on a regular basis — and it’s becoming increasingly more complex. As attackers continue to develop…
Web Swiper in Image Title
Cybercriminals regularly try a variety of approaches to hide their malicious code — web skimmers are well known for using all sorts of obfuscation and…
Magento Skimmer Found Loading from magecart[.]net
We recently came across a simple Magento credit card skimmer found on a compromised website that was loading from the malicious domain magecart[.]net. The malicious…
Top 10 Sucuri Research Articles in 2019
Justin Channell As we settle into 2020, it’s a good time to look back at what was learned in the previous year. After all, the past provides…