Website Security News
During a recent investigation, a Magento admin login phishing page was found on a compromised website using the file name wp-order.php. This is an odd file name choice for a Magento phishing page, but nevertheless it successfully loads a legitimate looking Magento 1.x login page….
Read More about Magento Phishing Leverages JavaScript For Exfiltration
Our team recently came across a malicious script used on a Magento website titled gstaticapi, which targeted checkout processes to capture and exfiltrate stolen information. To obtain sensitive details, the…
Read More about Magento Credit Card Stealing Malware: gstaticapi
The Magento 1 EOL date has already passed, however it’s evident that a large number of websites will continue to use it for the foreseeable future. Unfortunately, attackers are also…
During a website remediation, we recently discovered a new version of a Magento credit card stealer which sends all compromised data to the malicious domain cdn-filestore[dot]com. My colleague Luke Leal…
Read More about CDN-Filestore Credit Card Stealer for Magento
We recently found a simple malicious script leveraging Magento’s internal functions to create a new admin user with the admin role “Inchoo” — probably referring to a Croatian Magento consulting…
A website owner recently contacted us regarding a payment problem on their Magento website. A suspicious payment card form was loading for customers who were trying to pay for items…
Read More about Magento JavaScript Skimmer Targets Tarjetas de Crédito
Our Remediation team analyst Ben Martin recently found a malicious injection in a compromised Magento 1.9.x installation that was stealing Magento user login credentials. The injection was found in the…
Read More about Magento Login Stealer in Fake bg_white.png Image
Our Remediation team lead Ben Martin recently discovered a single line obfuscated PHP injection in the main index.php file of a Magento 1.9.x website. It was being used to capture…
We recently came across a simple Magento credit card skimmer found on a compromised website that was loading from the malicious domain magecart[.]net. The malicious domain was first registered on…
Read More about Magento Skimmer Found Loading from magecart[.]net
We often write about malware that steal payment information from sites built with Magento and other types of e-commerce CMS. When discussing credit card skimmers like Magecart, it’s sometimes overlooked…
It’s no secret that a CMS without support will develop vulnerabilities. Eventually, these lead to a compromised website — which cripples any ecommerce business. When you consider the popularity of…
