• Skip to primary navigation
  • Skip to content
  • Skip to primary sidebar
  • Skip to footer

Sucuri Blog

Website Security News

  • Products
    • Website Security Platform
    • Website Firewall (WAF)
    • Enterprise Website Security
    • Multisite Solutions
  • Features
    • Detection
    • Protection
    • Performance
    • Response
    • Backups
  • Partners
    • Agency Solutions
    • Partners
    • Referral Program
    • Ecommerce
  • Resources
    • Guides
    • Webinars
    • Infographics
    • SiteCheck
    • Reports
    • Email Courses
  • Immediate Help
  • Login

Credit Card Stealers

Labs Note

November 11, 2020Denis Sinegubko

Another Credit Card Stealer That Pretends to Be Sucuri

During a routine investigation, we found yet another web skimmer that pretends to be related to Sucuri. One of our Remediation Analysts, Liam Smith, found the following code injected into the database of a Magento site. The first 109 lines of the malware don’t contain…

Read More about Another Credit Card Stealer That Pretends to Be Sucuri

Labs Note

April 23, 2020Denis Sinegubko

Web Skimmer With a Domain Name Generator – Follow Up

This note is a follow up to our recent post about a web skimmer that uses a dynamic domain name generating algorithm. This week, analyst Ben Martin found another variation…

Read More about Web Skimmer With a Domain Name Generator – Follow Up

Labs Note

April 17, 2020Luke Leal

Magento JavaScript Skimmer Targets Tarjetas de Crédito

A website owner recently contacted us regarding a payment problem on their Magento website. A suspicious payment card form was loading for customers who were trying to pay for items…

Read More about Magento JavaScript Skimmer Targets Tarjetas de Crédito

Labs Note

February 7, 2020Luke Leal

Magento Credit Card Stealer: harilov[.]com

Our Remediation team lead Ben Martin recently discovered a single line obfuscated PHP injection in the main index.php file of a Magento 1.9.x website. It was being used to capture…

Read More about Magento Credit Card Stealer: harilov[.]com

Web Swiper in Image Title

January 27, 2020Denis Sinegubko

Web Swiper in Image Title

Cybercriminals regularly try a variety of approaches to hide their malicious code — web skimmers are well known for using all sorts of obfuscation and masquerading. Suspicious Img Tag Our…

Read More about Web Swiper in Image Title

Labs Note

August 12, 2019Denis Sinegubko

KOSONG Credit Card Stealer

Our security analyst Christopher Morrow recently discovered a server-side Magento skimmer that was injected into the savePayment function in the app/code/core/Mage/Checkout/Model/Type/Onepage.php file. This code emails payment details to “reachead@yandex[.]com“, then…

Read More about KOSONG Credit Card Stealer

Labs Note

August 7, 2019Luke Leal

Hydro-Quebec phishing

We have found an interesting phishing kit containing numerous phishing pages which target large, popular brands like Amazon and Paypal. What was interesting about this kit was that it also…

Read More about Hydro-Quebec phishing

Labs Note

June 20, 2019Krasimir Konov

CC Stealing Code Pretending to be Bing Ads

During a recent investigation we found this suspicious code pretending to be associated with Bing ads.After further review, we see that the code is actually injecting JavaScript from “js-mini[.]com”.The injected…

Read More about CC Stealing Code Pretending to be Bing Ads

Labs Note

May 10, 2019Denis Sinegubko

Images Loading Credit Card Swipers

We’ve come across an interesting approach to injecting credit card swipers into Magento web pages. Instead of injecting a real script, attackers insert a seemingly benign, invisible image from the…

Read More about Images Loading Credit Card Swipers

Labs Note

June 8, 2018Cesar Anjos

Magento CC Stealer Reinfector

We have seen many times in the past few months how attackers are infecting Magento installations to scrape confidential information such as credit cards, logins, and PayPal credentials, but we…

Read More about Magento CC Stealer Reinfector

Labs Note

July 7, 2017Conrado Torquato

A Simple Prestashop Login Swiper

In a compromised environment, attackers may inject malicious code into different files, including the core of different CMSs, in order to maintain access to the website and/or obtain sensitive data….

Read More about A Simple Prestashop Login Swiper

Primary Sidebar

Socialize With Sucuri

We're actively engaged across multiple platforms. Follow us and let's connect!

  • Facebook
  • Twitter
  • LinkedIn
  • YouTube
  • Instagram
  • RSS Feed

Join Over 20,000 Subscribers!

Footer

Products

  • Website Firewall
  • Website AntiVirus
  • Website Backups
  • WordPress Security
  • Enterprise Services

Solutions

  • DDos Protection
  • Malware Detection
  • Malware Removal
  • Malware Prevention
  • Blacklist Removal

Support

  • Blog
  • Knowledge Base
  • SiteCheck
  • Research Labs
  • FAQ

Company

  • About
  • Media
  • Events
  • Employment
  • Contact
  • Testimonials
  • Facebook
  • Twitter
  • LinkedIn
  • Instagram

Customer Login

Sucuri Home

  • Terms of Use
  • Privacy Policy
  • Frequently Asked Questions

© 2021 Sucuri Inc. All rights reserved

Sucuri Cookie Policy
See our policy>>

Our website uses cookies, which help us to improve our site and enables us to deliver the best possible service and customer experience.