
We regularly find malware that tries to steal client credit card details from Magento sites. Hackers use a few tricks and slightly modify their code from time to time.

For example, we've seen multiple modifications of the code reported in this article. Instead of using HTTP requests to send data to their own site, hackers often just email the stolen data to their own email addresses.

To hide the email address they use the following modification:

where Y3NfdG9vbHM0dXNAeWFob28uY29t decodes to cs_tools4us@yahoo.com

Regardless of the actual code, the best way to mitigate this issue is to preserve the integrity of Magento core files. The files hackers usually modify are:

  • app/code/core/Mage/Payment/Model/Method/Cc.php
  • includes/src/Mage_Payment_Model_Method_Cc.php
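The check below is an added example, not code from the original note or from Magento: it compares the two files listed above against SHA-256 hashes taken from a clean copy of the same Magento version and flags base64 string literals that decode to an email address. The function names, the `baseline` mapping and the sample PHP line are assumptions constructed for illustration.

```python
import base64
import binascii
import hashlib
import re
from pathlib import Path

# The two files this note lists as the usual modification targets.
WATCHED = [
    "app/code/core/Mage/Payment/Model/Method/Cc.php",
    "includes/src/Mage_Payment_Model_Method_Cc.php",
]

# Quoted string literals made only of base64 characters (16 or more).
B64_LITERAL = re.compile(r"[\"']([A-Za-z0-9+/]{16,}={0,2})[\"']")
EMAIL = re.compile(r"^[\w.+-]+@[\w-]+(\.[\w-]+)+$")

# Constructed sample line (not the malware's actual code); the encoded
# value is the one quoted in this note.
SAMPLE = '<?php $to = base64_decode("Y3NfdG9vbHM0dXNAeWFob28uY29t"); ?>'


def hidden_emails(php_source):
    """Return email addresses stored as base64 string literals."""
    found = []
    for literal in B64_LITERAL.findall(php_source):
        try:
            decoded = base64.b64decode(literal, validate=True).decode("ascii")
        except (binascii.Error, UnicodeDecodeError):
            continue  # not valid base64, or not plain text
        if EMAIL.match(decoded):
            found.append(decoded)
    return found


def audit(root, baseline):
    """Check each watched file under `root`.

    `baseline` (assumed input) maps relative path -> SHA-256 hex digest
    computed from a clean copy of the same Magento version.
    """
    report = {}
    for rel in WATCHED:
        path = Path(root) / rel
        if not path.is_file():
            continue  # file not present on this installation
        data = path.read_bytes()
        report[rel] = {
            "modified": hashlib.sha256(data).hexdigest() != baseline.get(rel),
            "emails": hidden_emails(data.decode("utf-8", "replace")),
        }
    return report
```

A file reported as `modified` should be replaced from the clean copy even when `emails` is empty, since the encoding used to hide the address can change between variants.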

Of course, removing the malicious code is not enough. You should find and close security holes to prevent reinfections.