Global CyberSecurity

Magento Phishing Leverages JavaScript For Exfiltration


Published on 10/14/2020 – Last Updated on 10/14/2020 by OTC

During a recent investigation, a Magento admin login phishing page was found on a compromised website using the file name wp-order.php. This is an odd file name choice for a Magento phishing page, but it nevertheless successfully loads a legitimate-looking Magento 1.x login page.

What is not immediately visible or apparent to victims, however, is that the page elements like the images and CSS structure are almost all loaded from a malicious domain: orderline[.]club.

Harvesting Magento Login Credentials

For stolen data exfiltration, the phishing page uses a technique that doesn't require a separate PHP file or rely on PHP functions to send out an email to the attacker, which is what we often find for exfiltration on phishing pages like this.
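A defender-side check for the pattern described above, where a login page pulls its images, CSS and scripts from a host other than the site serving it. This is an added example, not code from the original article; the function names, the host names `shop.example` and `assets.attacker.example`, and the sample HTML are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

# Attributes that make the browser fetch from, or send data to, a URL.
URL_ATTRS = {"src", "href", "action", "formaction", "data"}

class ResourceCollector(HTMLParser):
    """Collect (tag, attribute, url) for every URL-bearing attribute."""
    def __init__(self):
        super().__init__()
        self.refs = []

    def handle_starttag(self, tag, attrs):
        for name, value in attrs:
            if name in URL_ATTRS and value:
                self.refs.append((tag, name, value.strip()))

def foreign_resources(html, site_host, allowed_hosts=()):
    """Return {host: [(tag, attr, url), ...]} for references that leave the site."""
    trusted = {site_host.lower(), *(h.lower() for h in allowed_hosts)}
    parser = ResourceCollector()
    parser.feed(html)
    found = {}
    for tag, attr, url in parser.refs:
        # hostname is None for relative URLs, which stay on the serving site
        host = (urlparse(url).hostname or "").lower()
        if host and host not in trusted:
            found.setdefault(host, []).append((tag, attr, url))
    return found

# Constructed sample: a login page whose assets all come from another host.
SAMPLE = """
<html><head>
<link rel="stylesheet" href="https://assets.attacker.example/skin/admin.css">
<script src="//assets.attacker.example/js/login.js"></script>
</head><body>
<img src="https://assets.attacker.example/images/logo.gif">
<form method="post" action="/index.php/admin/">
<input name="login[username]"><input type="password" name="login[password]">
</form></body></html>
"""

if __name__ == "__main__":
    for host, refs in foreign_resources(SAMPLE, "shop.example").items():
        print(f"{host}: {len(refs)} off-site reference(s)")
        for tag, attr, url in refs:
            print(f"  <{tag} {attr}> {url}")
```

A login page where nearly every asset resolves to a single unfamiliar host, as in the sample, is worth a closer look during file review of a compromised site.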

Continue reading Magento Phishing Leverages JavaScript For Exfiltration at Sucuri Blog.
