Magento Phishing Leverages JavaScript addEventListener For Exfiltration

Magento is an e-commerce CMS. This makes it a prime target for hackers looking to steal credit card data or exfiltrate customer data.

Overall, Magento is a relatively secure CMS, but as with any web application, nothing is absolutely secure.

There is no specific patch for this; this is malware being injected into sites that are running older versions of Magento with known vulnerabilities.

Article Excerpt: During a recent investigation, a Magento admin login phishing page was found on a compromised website using the file name wp-order.php. This is an odd file name choice for a Magento phishing page, but nevertheless it successfully loads a legitimate-looking Magento 1.x login page.

What is not immediately visible or apparent to victims, however, is that the page elements like the images and CSS structure are almost all loaded from a malicious domain — orderline[.]club:

Harvesting Magento Login Credentials

For stolen data exfiltration, the phishing page uses a technique that doesn’t require a separate PHP file or rely on PHP functions to send out an email to the attacker, which is what we often find for exfiltration on phishing pages like this.

Continue reading Magento Phishing Leverages JavaScript For Exfiltration at Sucuri Blog.
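
The two traits the excerpt describes, a login form whose images and CSS load from another domain and a page script that uses `addEventListener`, can be checked for when triaging files on a site. The following is an added example, not code from the Sucuri article or this post; the hostnames, sample markup and the `audit` function are constructed for illustration, and flagging any inline `addEventListener` call for review is an assumption, since the excerpt does not show the page's script.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse
from collections import Counter

# Constructed sample: a login page on shop.example pulling assets from another host.
SAMPLE_HTML = (
    '<link rel="stylesheet" href="https://assets.phish.example/skin/styles.css">'
    '<img src="https://assets.phish.example/skin/logo.gif">'
    '<form id="f" method="post"><input type="password" name="login[password]"></form>'
    "<script>document.getElementById('f').addEventListener('submit', function () {});</script>"
)


class LoginPageAudit(HTMLParser):
    """Collects asset hosts, password fields and inline scripts using addEventListener."""
    def __init__(self):
        super().__init__()
        self.hosts = Counter()          # hostname -> number of assets loaded from it
        self.has_password = False       # page contains <input type="password">
        self.listener_scripts = 0       # inline scripts that call addEventListener
        self._inline = False            # currently inside an inline <script>

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "input" and (a.get("type") or "").lower() == "password":
            self.has_password = True
        url = a.get("href") if tag == "link" else a.get("src")
        if tag in ("link", "img", "script") and url:
            host = urlparse(url).hostname   # None for relative (same-site) URLs
            if host:
                self.hosts[host] += 1
        self._inline = tag == "script" and not a.get("src")

    def handle_endtag(self, tag):
        if tag == "script":
            self._inline = False

    def handle_data(self, data):
        if self._inline and "addEventListener" in data:
            self.listener_scripts += 1


def audit(html, site_host):
    p = LoginPageAudit()
    p.feed(html)
    foreign = {h: n for h, n in p.hosts.items() if h != site_host.lower()}
    return {"foreign_hosts": foreign, "listener_scripts": p.listener_scripts,
            "suspicious": p.has_password and bool(foreign)}
```

A `suspicious` result only means the file deserves a manual look: legitimate stores also load assets from CDNs, so compare `foreign_hosts` against the hosts the site is known to use.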
