Caution! Credit card detail hijacking case on Magento

This post summarises a recent case of credit card details hijacking that took place on one of our clients’ websites. It is estimated that this type of attack can be replicated on any Magento store where:

• all admin users have access to the backend config area,
• 2-factor authentication is not in place.

The issue

An intruder got access to the admin user account and injected JS code in the Scripts and Style Sheets section. The malicious JS was referring to obfuscated (encrypted) w.js file on purechat.org, which closely resembles …

Curious to read the full story? Head over to our blog to learn what happened and how the issue was resolved →