New Malware Targets Magento E-Commerce Sites Before Black Friday

New card-skimming malware targets Magento e-commerce sites ahead of Black Friday. Cybercriminals are exploiting Magento platforms with a sophisticated card-skimming malware that dynamically extracts payment information from checkout pages. Discovered by Sucuri’s Weston Henry, the malware employs JavaScript injections to create fake credit card forms or directly siphon data from payment fields, making it difficult to detect. The stolen data, including sensitive customer information, is encrypted and sent to a remote server. To combat these threats, Sucuri advises e-commerce site administrators to conduct regular security audits, implement robust web application firewalls, and ensure software is up-to-date with the latest security patches, especially during high-traffic shopping events like Black Friday.