Attackers Use Malware to Hit Magento Online Stores

Attackers Use Malware to Hit Magento Online Stores

Sign up to receive OPĀQ’s daily WatchDesk Intel reports

Share on FacebookShare on LinkedInTweet about this on Twitter

Attackers Use Malware to Hit Magento Online Stores

February 16, 2017

WatchDesk Team

Researchers discovered attackers are leveraging a new malware variant against online stores that run on the e-commerce platform Magento.

The malware, which is written in SQL, has the unique capability of hiding within the targeted website’s database. Other malware strains targeting e-commerce sites are typically written in JavaScript.

The researchers claim the malware begins to execute once a user initiates the new order and check out process.

The malicious script stored in the database executes before the Magento platform is able to generate the PHP and load the page, according to the researchers. The malicious script is reportedly able to scan for malware within the header, footer, copyright and each CMS block.

If the malware doesn’t detect anything, it will allegedly re-insert itself into the page using a database trigger. The researchers claim the capability of scanning databases is a new evolution of malware design beyond the typical file scan function.

The new malware strain affecting Magento-run e-commerce sites can steal users’ card information. The cybercriminals behind this new malware are allegedly using brute force attacks as the entry attack vector to breach the targeted online store.

Researchers warn cybercriminals will continue to seek new variations of malware that can survive on e-commerce sites for long periods without detection. Magento has not issued a statement on the malware attacks at the time of this post.

Tags: ,

Ready to Talk?