Global CyberSecurity

Magento Credit Card Stealing Malware: gstaticapi


Published on 09/25/2020 – Last Updated on 09/25/2020 by OTC

Our team recently came across a malicious script used on a Magento website titled gstaticapi, which targeted checkout processes to capture and exfiltrate stolen information.

To obtain sensitive details, the malware loads external javascript whenever the URL contains “checkout” ⁠— this location typically belongs to the step in Magento’s checkout process where users enter their sensitive credit card information and shipping details.

As seen above, the first if statement looks for the checkout string in the URL using window.location.href.indexOf.

Continue reading Magento Credit Card Stealing Malware: gstaticapi at Sucuri Blog.

NATO Maritime Groups of the northern region link up at sea

Previous article

Dynamic Mariner exercise brings 7 NATO allies together

Next article

You may also like


Comments are closed.