7 Ways to Secure Magento 1
Matt Morrow While unpatched installations of Magento 2 contain many vulnerabilities, I’m going to focus my attention on Magento 1 for this article. This is because Magento…
Browsing Category
Ecommerce Security
156 posts
Examining Unique Magento Backdoors
Liam Smith During a recent investigation into a compromised Magento ecommerce environment, we discovered the presence of five different backdoors that would provide attackers with code execution…
Magecart Swiper Uses Unorthodox Concatenation
Ben Martin MageCart is the name given to the roughly one dozen groups of cyber criminals targeting e-commerce websites with the goal of stealing credit card numbers…
Online Credit Card Theft – A Brief Overview of Online Fraud and Abuse – Part 2
In my previous post about ecommerce credit card swipers I described the general overview of the online ecommerce environment as well as some of the…
Online Credit Card Theft – A Brief Overview of Online Fraud and Abuse – Part 1
Many clients that we work with host and operate ecommerce websites which are frequent targets of attackers. The goal of these attacks is to steal…
WooCommerce Credit Card Skimmer Hides in Plain Sight
Recently, a client’s customers were receiving a warning from their anti-virus software when they navigated to the checkout page of the client’s ecommerce website. Antivirus…
Magento 2 PHP Credit Card Skimmer Saves to JPG
Luke Leal Bad actors often leverage creative techniques to conceal malicious behaviour and harvest sensitive information from ecommerce websites. A recent investigation for a compromised Magento 2…
Magento PHP Injection Loads JavaScript Skimmer
A Magento website owner was concerned about malware and reached out to our team for assistance. Upon investigation, we found the website contained a PHP…
Real-Time Phishing Kit Targets Brazilian Central Bank
We recently found an interesting phishing kit on a compromised website that has QR code capabilities, along with the ability to control the phishing page…
Fake WordPress Functions Conceal assert() Backdoor
Douglas Santos A few weeks ago, I was manually inspecting some files on a compromised website. While checking on a specific WooCommerce file, I noticed something interesting.…
PrestaShop SuperAdmin Injector and Login Stealer
According to W3Tech’s data, PrestaShop is among the most popular CMS choices for existing ecommerce websites, so it should come as no surprise that malware…