Navigating the maze of Magecart: a cautionary tale of a Magecart impacted website

The Cloudflare security research team discovered a malicious script on a customer's website, which was designed to steal Personally Identifiable Information (PII), including credit card details. The script was hosted at the domain cdn.jsdelivr.at and used obfuscation techniques to hide its true intentions. It employed data encoding and decoding functions, targeted specific input fields on the website, and transmitted stolen data secretly to a server controlled by attackers. Proactive detection measures such as Page Shield's machine learning algorithm were able to identify this novel Magecart-style attack with high accuracy. To enhance security against similar threats, Cloudflare recommends implementing Web Application Firewall (WAF) Managed Rule Product, deploying ML-based WAF Attack Score, using Page Shield, and activating Sensitive Data Detection (SDD).