A JavaScript skimmer that conditionally loads from malicious PHP code injected into a Magento file.

It’s important to an attacker for a skimmer to remain undetected for as long as possible, so they do research and use various techniques to make the request that loads the skimmer look innocuous.

Magento’s continued migration from 1.x to 2.x versions has led malware authors to modify existing malicious tools to accomodate for the major differences between these Magento versions.