In recent months the Foregenix Forensic Lab has seen many of it's clients using the payment processor Braintree and their Hosted Fields solution, a form of iFrame for each input field of the checkout page.
See the Foregenix blog for more information on:
This time, the malicious code is specifically designed for Magento sites that use the Braintree extension. This extension connects a Magento store with the Braintree payment processing service that is supposed to be (among other things) adding extra security for credit card transactions. Ironically, hackers piggyback some of the Braintree objects in order to steal credit card details during the checkout process. The obfuscated code was added in the js/varien/accordion.js file. var _0x53bc = ["\x71\x20\x66\x3D\x45\x3B\x35\x3D\x27\x44\x27 \x3B\x43\x20…