Localization and Customization of Credit Card Stealing Malware
Credit card stealing malware is becoming more and more customized. We’ve been regularly seeing injected scripts with URLs that either mimic or include a portion of the victim’s site domain. Sometimes the injected code also references the victim’s site.
Recently, we’ve come across another level of customization.
Fake Payment Form in Bulgarian
A compromised Magento site had the following script injected into its core_config_data table.
hxxps://elegrina[.]com/assets/.js, where was the second-level domain of the infected site.
Continue reading Localization and Customization of Credit Card Stealing Malware at Sucuri Blog.
No comments yet.