• Skip to primary navigation
  • Skip to content
  • Skip to primary sidebar
  • Skip to footer

Sucuri Blog

Website Security News

  • Products
    • Website Security Platform
    • Website Firewall (WAF)
    • Enterprise Website Security
    • Multisite Solutions
  • Features
    • Detection
    • Protection
    • Performance
    • Response
    • Backups
  • Partners
    • Agency Solutions
    • Partners
    • Referral Program
    • Ecommerce
  • Resources
    • Guides
    • Webinars
    • Infographics
    • SiteCheck
    • Reports
    • Email Courses
  • Immediate Help
  • Login

Search Results for: magento

Labs Note

October 14, 2020Luke Leal

Magento Phishing Leverages JavaScript For Exfiltration

During a recent investigation, a Magento admin login phishing page was found on a compromised website using the file name wp-order.php. This is an odd file name choice for a Magento phishing page, but nevertheless it successfully loads a legitimate looking Magento 1.x login page….

Read More about Magento Phishing Leverages JavaScript For Exfiltration

Magento Skimmers from Atob to Alibaba

September 25, 2020Krasimir Konov

Magento Credit Card Stealing Malware: gstaticapi

Our team recently came across a malicious script used on a Magento website titled gstaticapi, which targeted checkout processes to capture and exfiltrate stolen information. To obtain sensitive details, the…

Read More about Magento Credit Card Stealing Malware: gstaticapi

August 26, 2020Luke Leal

Magento Multiversion (1.x/2.x) Backdoor

The Magento 1 EOL date has already passed, however it’s evident that a large number of websites will continue to use it for the foreseeable future. Unfortunately, attackers are also…

Read More about Magento Multiversion (1.x/2.x) Backdoor

Anatomy of a credit card stealer

August 18, 2020Krasimir Konov

CDN-Filestore Credit Card Stealer for Magento

During a website remediation, we recently discovered a new version of a Magento credit card stealer which sends all compromised data to the malicious domain cdn-filestore[dot]com. My colleague Luke Leal…

Read More about CDN-Filestore Credit Card Stealer for Magento

Malicious Magento User Creator

July 21, 2020Krasimir Konov

Malicious Magento User Creator

We recently found a simple malicious script leveraging Magento’s internal functions to create a new admin user with the admin role “Inchoo” ⁠— probably referring to a Croatian Magento consulting…

Read More about Malicious Magento User Creator

Labs Note

April 17, 2020Luke Leal

Magento JavaScript Skimmer Targets Tarjetas de Crédito

A website owner recently contacted us regarding a payment problem on their Magento website. A suspicious payment card form was loading for customers who were trying to pay for items…

Read More about Magento JavaScript Skimmer Targets Tarjetas de Crédito

Labs Note

February 24, 2020Luke Leal

Magento Login Stealer in Fake bg_white.png Image

Our Remediation team analyst Ben Martin recently found a malicious injection in a compromised Magento 1.9.x installation that was stealing Magento user login credentials. The injection was found in the…

Read More about Magento Login Stealer in Fake bg_white.png Image

Labs Note

February 7, 2020Luke Leal

Magento Credit Card Stealer: harilov[.]com

Our Remediation team lead Ben Martin recently discovered a single line obfuscated PHP injection in the main index.php file of a Magento 1.9.x website. It was being used to capture…

Read More about Magento Credit Card Stealer: harilov[.]com

Labs Note

January 16, 2020Luke Leal

Magento Skimmer Found Loading from magecart[.]net

We recently came across a simple Magento credit card skimmer found on a compromised website that was loading from the malicious domain magecart[.]net. The malicious domain was first registered on…

Read More about Magento Skimmer Found Loading from magecart[.]net

November 7, 2019Denis Sinegubko

Skimmers for Both Magento and WordPress

We often write about malware that steal payment information from sites built with Magento and other types of e-commerce CMS. When discussing credit card skimmers like Magecart, it’s sometimes overlooked…

Read More about Skimmers for Both Magento and WordPress

Magento 1 End of Life

November 6, 2019Art Martori

Magento 1 End of Life

It’s no secret that a CMS without support will develop vulnerabilities. Eventually, these lead to a compromised website — which cripples any ecommerce business. When you consider the popularity of…

Read More about Magento 1 End of Life

Primary Sidebar

Socialize With Sucuri

We're actively engaged across multiple platforms. Follow us and let's connect!

  • Facebook
  • Twitter
  • LinkedIn
  • YouTube
  • Instagram
  • RSS Feed

Join Over 20,000 Subscribers!

Footer

Products

  • Website Firewall
  • Website AntiVirus
  • Website Backups
  • WordPress Security
  • Enterprise Services

Solutions

  • DDos Protection
  • Malware Detection
  • Malware Removal
  • Malware Prevention
  • Blacklist Removal

Support

  • Blog
  • Knowledge Base
  • SiteCheck
  • Research Labs
  • FAQ

Company

  • About
  • Media
  • Events
  • Employment
  • Contact
  • Testimonials
  • Facebook
  • Twitter
  • LinkedIn
  • Instagram

Customer Login

Sucuri Home

  • Terms of Use
  • Privacy Policy
  • Frequently Asked Questions

© 2021 Sucuri Inc. All rights reserved

Sucuri Cookie Policy
See our policy>>

Our website uses cookies, which help us to improve our site and enables us to deliver the best possible service and customer experience.