A malicious script targeting e-commerce sites, particularly Magento, has been discovered. The script, found in the dataPost.js file, is heavily obfuscated and designed to steal customer account credentials and admin login details. It waits for login actions to trigger, then scrapes data entered into the form. The stolen information is sent to a domain mimicking legitimate jQuery repositories. This malware appears tailored for specific site designs, potentially allowing attackers to make site changes or install malicious modules. To protect against such attacks, regular password updates, software updates, principle of least privilege for admin accounts, and IP restrictions for admin logins are recommended. Author: AlienVault
Related Tags:
admin access
account hijacking
magento
T1102.003
T1592.002
T1557.001
T1059.007
Obfuscation
T1555
Associated Indicators:
null