One of our customers reported that one of their website visitors received a warning from their antivirus program when they navigated to their payment page:
Calls were made to a known malicious domain that was already blacklisted by several vendors for distribution of malware and involvement in carding attacks:
This certainly indicated that a card thief was present somewhere on our client’s website.
Credit Cards Thief in a Magento Website
Our first step in locating such an infection is to query the database for the following string: