Malware Steals Account Credentials

NetmanageIT OpenCTI - opencti.netmanageit.com


SUMMARY:

A malicious script targeting e-commerce sites, particularly Magento, has been discovered. The script, found in the dataPost.js file, is heavily obfuscated and designed to steal customer account credentials and admin login details. It waits for a login action, then scrapes the data entered into the form. The stolen information is sent to a domain that mimics legitimate jQuery repositories. The malware appears tailored to specific site designs, and it potentially allows attackers to make site changes or install malicious modules. To protect against such attacks, regular password updates, software updates, the principle of least privilege for admin accounts, and IP restrictions for admin logins are recommended.
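Because the script is obfuscated, its destination is easier to spot in the requests the browser makes than in the file itself. The following is an added example, not part of the original report: it flags requests to hosts that spell "jquery" but are not on the site's allow-list. The log format, allow-list, login paths and hostnames are assumptions constructed for illustration.

```python
from urllib.parse import urlsplit

# Assumption: the only third-party hosts this shop loads jQuery from.
ALLOWED_JQUERY_HOSTS = {"code.jquery.com", "ajax.googleapis.com"}
# Assumption: paths where credentials are typed (adjust to the site's routes).
LOGIN_PATHS = ("/customer/account/login", "/admin")
DIGIT_SWAPS = str.maketrans({"3": "e", "0": "o", "1": "i"})

def looks_like_jquery(host):
    """True if a DNS label spells 'jquery' once hyphens and digit swaps are undone."""
    labels = host.lower().translate(DIGIT_SWAPS).split(".")
    return any("jquery" in label.replace("-", "") for label in labels)

def flag_requests(log_lines, site_host):
    """Return (severity, host, page) for requests to jQuery-lookalike hosts.

    Each line is 'METHOD page_path destination_url' (constructed format, e.g.
    exported from a proxy or browser network log).
    """
    findings = []
    for line in log_lines:
        parts = line.split()
        if len(parts) != 3:
            continue  # skip malformed lines
        method, page, dest = parts
        host = (urlsplit(dest).hostname or "").lower()
        if host in ALLOWED_JQUERY_HOSTS or host == site_host:
            continue
        if not looks_like_jquery(host):
            continue
        # A jQuery CDN is only fetched with GET; traffic from a login page is worse.
        on_login = page.startswith(LOGIN_PATHS)
        severity = "high" if method != "GET" or on_login else "review"
        findings.append((severity, host, page))
    return findings

# Constructed sample data; lookalike hosts use reserved TLDs.
SAMPLE_LOG = [
    "GET /customer/account/login https://code.jquery.com/jquery-3.7.1.min.js",
    "POST /customer/account/login https://jquery-cdn.example/collect",
    "GET /catalog/shoes https://static.jqu3ry.invalid/lib.js",
    "GET /catalog/shoes https://shop.example/js/jquery.min.js",
]

if __name__ == "__main__":
    for finding in flag_requests(SAMPLE_LOG, "shop.example"):
        print(finding)
```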

OPENCTI LABELS:

credential theft, obfuscation, magento, e-commerce, account hijacking, admin access

