Credit card stealing malware is becoming more and more customized. We’ve been regularly seeing injected scripts with URLs that either mimic or include a portion of the victim’s site domain. Sometimes the injected code also references the victim’s site.

Recently, we’ve come across another level of customization.

Fake Payment Form in Bulgarian

A compromised Magento site had the following script injected into its core_config_data table.

hxxps://elegrina[.]com/assets/.js,  where was the second-level domain of the infected site.

Continue reading Localization and Customization of Credit Card Stealing Malware at Sucuri Blog.

Via Sucuri.net