JavaScript Used by Phishing Page to Steal Magento Credentials



Digital attackers created a Magento phishing page that used JavaScript to exfiltrate the login credentials of its victims.

During an investigation, Sucuri came across a compromised website that used the filename “wp-order.php”.

This phishing page hosted what appeared to be a legitimate Magento 1.x login portal at the time of discovery. In support of this ruse, it loaded its CSS code and images from the malicious domain orderline[.]club.

In its analysis of the website, Sucuri found that the Magento phishing page was a bit unconventional in the method by which it exfiltrated its victims’ stolen data. As quoted in its research:
