Bogus CSS Injection Leads to Stolen Credit Card Details

A client recently reported their customers were receiving antivirus warnings when trying to access and purchase products from a Magento ecommerce website. This is almost always a telltale sign that something is amiss, and so I began my investigation.

Malware in Database Tables

As is pretty common with Magento credit card swiper investigations, my initial scans came up clean. Attackers are writing new pieces of malware like it’s going out of style, so there are very frequently new injections to track down and remove.

Continue reading Bogus CSS Injection Leads to Stolen Credit Card Details at Sucuri Blog.

Read more: Bogus CSS Injection Leads to Stolen Credit Card Details