New Skimmer Malware Steals Credit Card Data From Checkout Pages

A JavaScript-based malware targeting Magento eCommerce websites has been identified, which is designed to skim payment card details and activates exclusively on checkout pages.

The malware dynamically generates a fraudulent credit card form or directly extracts sensitive payment information, where the stolen data is encrypted and transmitted to a remote server.

The attack vector involves both filesystem and database infiltration, and the malware employs sophisticated obfuscation techniques to evade detection.

Analyze cyber threats with ANYRUN's powerful sandbox. Black Friday Deals : Get up to 3 Free Licenses.

Currently, eight websites are confirmed to be infected, with two associated domains already blacklisted by VirusTotal.

Upon investigation, it was discovered to be a malicious script that originated from the blacklisted domain “dynamicopenfonts.app” and was found on a Magento website.

It was found embedded in two locations: within the “default.xml” file located under the Magento theme directory (./app ...