Website Security News
During a routine investigation, we found yet another web skimmer that pretends to be related to Sucuri. One of our Remediation Analysts, Liam Smith, found the following code injected into the database of a Magento site. The first 109 lines of the malware don’t contain…
Read More about Another Credit Card Stealer That Pretends to Be Sucuri
This note is a follow up to our recent post about a web skimmer that uses a dynamic domain name generating algorithm. This week, analyst Ben Martin found another variation…
Read More about Web Skimmer With a Domain Name Generator – Follow Up
A website owner recently contacted us regarding a payment problem on their Magento website. A suspicious payment card form was loading for customers who were trying to pay for items…
Read More about Magento JavaScript Skimmer Targets Tarjetas de Crédito
Our Remediation team lead Ben Martin recently discovered a single line obfuscated PHP injection in the main index.php file of a Magento 1.9.x website. It was being used to capture…
Cybercriminals regularly try a variety of approaches to hide their malicious code — web skimmers are well known for using all sorts of obfuscation and masquerading. Suspicious Img Tag Our…
Our security analyst Christopher Morrow recently discovered a server-side Magento skimmer that was injected into the savePayment function in the app/code/core/Mage/Checkout/Model/Type/Onepage.php file. This code emails payment details to “reachead@yandex[.]com“, then…
We have found an interesting phishing kit containing numerous phishing pages which target large, popular brands like Amazon and Paypal. What was interesting about this kit was that it also…
During a recent investigation we found this suspicious code pretending to be associated with Bing ads.After further review, we see that the code is actually injecting JavaScript from “js-mini[.]com”.The injected…
We’ve come across an interesting approach to injecting credit card swipers into Magento web pages. Instead of injecting a real script, attackers insert a seemingly benign, invisible image from the…
We have seen many times in the past few months how attackers are infecting Magento installations to scrape confidential information such as credit cards, logins, and PayPal credentials, but we…
In a compromised environment, attackers may inject malicious code into different files, including the core of different CMSs, in order to maintain access to the website and/or obtain sensitive data….
