Magento Skimmers: From Atob to Alibaba
http://feedproxy.google.com/~r/sucuri/blog/~3/NXuQYhNFJmo/magento-skimmers-from-atob-to-alibaba.html Last year we saw a fairly massive Magento malware campaign that injected credit card stealing code similar to this: It uses the JavaScript atob function to decode base64-encoded domain names and URL patterns. In the sample above, it’s hxxps://livegetpay[.]com/pay.js?v=2.2.9 and “onepage”, respectively. The campaign used a variety of different domain names and targeted all
More info:
http://feedproxy.google.com/~r/sucuri/blog/~3/NXuQYhNFJmo/magento-skimmers-from-atob-to-alibaba.html