Magento has just released information regarding a serious JavaScript malware issue in which malicious code harvests credit card credentials. A small JavaScript snippet is embedded in the website, which then collects data from the checkout payment page and sends it to a range of different external websites. From information already gathered, it appears that over 3,500 sites worldwide are currently affected by this issue and that this could have been exploited in the wild since May 2015 – anyone entering credit card details into any of these sites since that date is likely to have had their details stolen!
Multiple versions have been found in the wild, but they all work the same way: the malware is embedded in the header or footer of every page. Once an unsuspecting shopper submits a form that contains anything resembling a credit card number, the whole form is transparently copied, using AJAX, to a remote location.
Magento are themselves saying that the attacks are likely using Admin or database access to implement the exploit and that most impacted sites have not implemented the February 2015 Shoplift patch (SUPEE-5344), or the patch was implemented after the site was already compromised. Attackers can also gain Admin access due to weak passwords, phishing, and other unpatched vulnerabilities.
None of the Magento sites hosted by Havenswift Hosting are compromised by this issue, but all store owners should always apply all patches available on the Community Edition Download Page as soon as feasible after their release; regularly check for any unknown files in the system; review and remove all unknown Admin accounts; and ensure all admin accounts have very strong passwords (e.g., they should be long and include symbols, upper and lower case letters, and numbers – we very strongly recommend using a password manager like the excellent LastPass).
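Because the malware described above sits in the header or footer of every page and sends form data to a remote location, one practical check is to audit a rendered storefront page for scripts that load from, or send data to, hosts the store does not use. The following is an added example, not code from Magento or Havenswift Hosting; the allowlist, host names and sample page are constructed assumptions, and it also covers externally loaded scripts, which goes slightly beyond the inline case the text describes.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Calls commonly used to send data in the background (Ajax.Request is Prototype.js).
AJAX = re.compile(r"XMLHttpRequest|Ajax\.Request|\$\.(?:ajax|post)|fetch\(|sendBeacon")
URL_HOST = re.compile(r"(?:https?:)?//([a-z0-9.-]+\.[a-z]{2,})", re.I)

class ScriptCollector(HTMLParser):
    """Collect hosts of <script src=...> tags and the bodies of inline scripts."""
    def __init__(self):
        super().__init__()
        self.src_hosts, self.inline, self._in_inline = [], [], False

    def handle_starttag(self, tag, attrs):
        if tag == "script":
            src = dict(attrs).get("src")
            if src:  # relative URLs have no hostname and are treated as local
                self.src_hosts.append(urlparse(src).hostname)
            else:
                self._in_inline = True
                self.inline.append("")

    def handle_endtag(self, tag):
        if tag == "script":
            self._in_inline = False

    def handle_data(self, data):
        if self._in_inline:
            self.inline[-1] += data

def audit(html, allowed_hosts):
    """Return (finding, host) pairs for script activity outside allowed_hosts."""
    p = ScriptCollector()
    p.feed(html)
    p.close()
    findings = [("external-script", h) for h in p.src_hosts
                if h and h not in allowed_hosts]
    for body in p.inline:
        if AJAX.search(body):  # only inline scripts that can send data
            findings += [("inline-ajax-to-unknown-host", h.lower())
                         for h in URL_HOST.findall(body)
                         if h.lower() not in allowed_hosts]
    return findings

# Constructed sample page; hosts and script fragments are illustrative only.
ALLOWED = {"shop.example", "cdn.shop.example"}
SAMPLE = """<html><head><script src="/js/prototype.js"></script>
<script src="https://cdn.shop.example/js/varien.js"></script>
<script>var r=new XMLHttpRequest();r.open("POST","https://stats-collect.example.net/i");</script>
</head><body><script>var base="https://shop.example/";</script>
<script src="//js-cdn.example.org/m.js"></script></body></html>"""
```

A finding is a lead for manual review rather than proof of compromise; hosts the store legitimately uses, such as payment or analytics providers, belong in the allowlist.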