http://feedproxy.google.com/~r/sucuri/blog/~3/NXuQYhNFJmo/magento-skimmers-from-atob-to-alibaba.html
Last year we saw a fairly massive Magento malware campaign that injected credit card stealing code similar to this:
It uses the JavaScript atob function to decode base64-encoded domain names and URL patterns. In the sample above, it’s hxxps://livegetpay[.]com/pay.js?v=2.2.9 and “onepage”, respectively.
The campaign used a variety of different domain names and targeted all sorts of payment processing systems, which is well described in the Group IB’s report.
Continue reading Magento Skimmers: From Atob to Alibaba at Sucuri Blog.
Source: Security Feed