Caution! Credit card detail hijacking case on Magento
Published in
1 min readDec 31, 2019
This post summarises a recent case of credit card details hijacking that took place on one of our clients’ websites. It is estimated that this type of attack can be replicated on any Magento store where:
- all admin users have access to the backend config area,
- 2-factor authentication is not in place.
The issue
An intruder got access to the admin user account and injected JS code in the Scripts and Style Sheets section. The malicious JS was referring to obfuscated (encrypted) w.js file on purechat.org, which closely resembles …