• Skip to primary navigation
  • Skip to content
  • Skip to primary sidebar
  • Skip to footer

Sucuri Blog

Website Security News

  • Products
    • Website Security Platform
    • Website Firewall (WAF)
    • Enterprise Website Security
    • Multisite Solutions
  • Features
    • Detection
    • Protection
    • Performance
    • Response
    • Backups
  • Partners
    • Agency Solutions
    • Partners
    • Referral Program
    • Ecommerce
  • Resources
    • Guides
    • Webinars
    • Infographics
    • SiteCheck
    • Reports
    • Email Courses
  • Immediate Help
  • Login

Blog Category: Ecommerce Security

ecommerce-blog-category

Our latest posts on website security issues that impact ecommerce sites, including tips for keeping client data secure. Learn about PCI compliance and emerging threats against ecommerce platforms such as Magento, Prestashop, Woocommerce, and OpenCart.

Phishing Campaign

January 14, 2021Luke Leal

Real-Time Phishing Kit Targets Brazilian Central Bank

We recently found an interesting phishing kit on a compromised website that has QR code capabilities, along with the ability to control the phishing page in real time. What our investigation revealed was that attackers were leveraging PIX, a new payment method created by the…

Read More about Real-Time Phishing Kit Targets Brazilian Central Bank

Labs Note

December 8, 2020Douglas Santos

Fake WordPress Functions Conceal assert() Backdoor

A few weeks ago, I was manually inspecting some files on a compromised website. While checking on a specific WooCommerce file, I noticed something interesting. Among 246 other lines, this…

Read More about Fake WordPress Functions Conceal assert() Backdoor

Labs Note

November 18, 2020Luke Leal

PrestaShop SuperAdmin Injector and Login Stealer

According to W3Tech’s data, PrestaShop is among the most popular CMS choices for existing ecommerce websites, so it should come as no surprise that malware has been created to specifically…

Read More about PrestaShop SuperAdmin Injector and Login Stealer

Labs Note

November 11, 2020Denis Sinegubko

Another Credit Card Stealer That Pretends to Be Sucuri

During a routine investigation, we found yet another web skimmer that pretends to be related to Sucuri. One of our Remediation Analysts, Liam Smith, found the following code injected into…

Read More about Another Credit Card Stealer That Pretends to Be Sucuri

Ecommerce Security Tips

October 16, 2020Victor Santoyo

Securing Your Online Store for the Holidays

Shopping season is here, and so is the opportunity for ecommerce site owners to grow their business and generate revenue. In lieu of the changing global ecommerce climate that this…

Read More about Securing Your Online Store for the Holidays

Labs Note

October 14, 2020Luke Leal

Magento Phishing Leverages JavaScript For Exfiltration

During a recent investigation, a Magento admin login phishing page was found on a compromised website using the file name wp-order.php. This is an odd file name choice for a…

Read More about Magento Phishing Leverages JavaScript For Exfiltration

Magento Skimmers from Atob to Alibaba

September 25, 2020Krasimir Konov

Magento Credit Card Stealing Malware: gstaticapi

Our team recently came across a malicious script used on a Magento website titled gstaticapi, which targeted checkout processes to capture and exfiltrate stolen information. To obtain sensitive details, the…

Read More about Magento Credit Card Stealing Malware: gstaticapi

Anatomy of a credit card stealer

August 18, 2020Krasimir Konov

CDN-Filestore Credit Card Stealer for Magento

During a website remediation, we recently discovered a new version of a Magento credit card stealer which sends all compromised data to the malicious domain cdn-filestore[dot]com. My colleague Luke Leal…

Read More about CDN-Filestore Credit Card Stealer for Magento

Labs Note

August 3, 2020John Castro

Vulnerabilities Digest: July 2020

Relevant Plugins and Vulnerabilities: Plugin Vulnerability Patched Version Installs Asset CleanUp: Page Speed Authenticated XSS 1.4.6.7 80000 Quiz And Survey Master Authenticated Stored XSS 7.0.0 30000 Comments – wpDiscuz 7.0.0…

Read More about Vulnerabilities Digest: July 2020

Reverse String WooCommerce

July 27, 2020Ben Martin

Reverse String WooCommerce WordPress Credit Card Swiper

As 2020 continues to be the worst year in almost anybody’s lifetime, allow me to take this opportunity to stoke the fires of your existential dread even further. As a…

Read More about Reverse String WooCommerce WordPress Credit Card Swiper

July 13, 2020Luke Leal

Spox Phishing Kit Harvests Chase Bank Credentials

Phishing kits are the back end components to a phishing attack and are often designed to make it easier to deploy a phishing page. These kits are typically bundled in…

Read More about Spox Phishing Kit Harvests Chase Bank Credentials

Primary Sidebar

Socialize With Sucuri

We're actively engaged across multiple platforms. Follow us and let's connect!

  • Facebook
  • Twitter
  • LinkedIn
  • YouTube
  • Instagram
  • RSS Feed

Join Over 20,000 Subscribers!

Footer

Products

  • Website Firewall
  • Website AntiVirus
  • Website Backups
  • WordPress Security
  • Enterprise Services

Solutions

  • DDos Protection
  • Malware Detection
  • Malware Removal
  • Malware Prevention
  • Blacklist Removal

Support

  • Blog
  • Knowledge Base
  • SiteCheck
  • Research Labs
  • FAQ

Company

  • About
  • Media
  • Events
  • Employment
  • Contact
  • Testimonials
  • Facebook
  • Twitter
  • LinkedIn
  • Instagram

Customer Login

Sucuri Home

  • Terms of Use
  • Privacy Policy
  • Frequently Asked Questions

© 2021 Sucuri Inc. All rights reserved

Sucuri Cookie Policy
See our policy>>

Our website uses cookies, which help us to improve our site and enables us to deliver the best possible service and customer experience.