During a website remediation, we recently discovered a new version of a Magento credit card stealer which sends all compromised data to the malicious domain cdn-filestore[dot]com. My colleague Luke Leal originally wrote about this malware in a blog post earlier this year.
Malware Evolution & Evasive Techniques
One primary difference between this new version and theone Luke wrote about in April is that it was not packed. This detail suggests that the attackers updated the malware in an attempt to obfuscate it and avoid detection.