Researchers discovered attackers are leveraging a new malware variant against online stores that run on the e-commerce platform Magento.
The researchers claim the malware begins to execute once a user initiates the new order and check out process.
The malicious script stored in the database executes before the Magento platform is able to generate the PHP and load the page, according to the researchers. The malicious script is reportedly able to scan for malware within the header, footer, copyright and each CMS block.
If the malware doesn’t detect anything, it will allegedly re-insert itself into the page using a database trigger. The researchers claim the capability of scanning databases is a new evolution of malware design beyond the typical file scan function.
The new malware strain affecting Magento-run e-commerce sites can steal users’ card information. The cybercriminals behind this new malware are allegedly using brute force attacks as the entry attack vector to breach the targeted online store.
Researchers warn cybercriminals will continue to seek new variations of malware that can survive on e-commerce sites for long periods without detection. Magento has not issued a statement on the malware attacks at the time of this post.