Black Friday/Cyber Monday Ecommerce Security Threats
Luke Leal With the end of November comes the height of the holiday shopping season — specifically Black Friday and Cyber Monday sales, which typically span the…
Browsing Category
Magento Security
94 posts
Vulnerable Versions of Adminer as a Universal Infection Vector
Denis Sinegubko This past week, we’ve been monitoring a new wave of website infections mostly impacting WordPress and Magento websites. We found that hackers have been injecting…
Skimmers for Both Magento and WordPress
We often write about malware that steal payment information from sites built with Magento and other types of e-commerce CMS. When discussing credit card skimmers…
Magento 1 End of Life
Art Martori It’s no secret that a CMS without support will develop vulnerabilities. Eventually, these lead to a compromised website — which cripples any ecommerce business. When…
Sucuri_encrypted: Magento Malware
In an effort to make malicious code appear to be credible, hackers commonly piggyback on the names of reputable, well-known companies and services. Typical examples…
KOSONG Credit Card Stealer
Our security analyst Christopher Morrow recently discovered a server-side Magento skimmer that was injected into the savePayment function in the app/code/core/Mage/Checkout/Model/Type/Onepage.php file. This code emails…
Magento Skimmers: From Atob to Alibaba
Last year we saw a fairly massive Magento malware campaign that injected credit card stealing code similar to this: It uses the JavaScript atob function…
Autoloaded Server-Side Swiper
Front-end JavaScript-based credit card stealing malware has garnered a lot of attention within the security community. This makes sense, since the “swipers” can be easily…
Fake Google Domains Used in Evasive Magento Skimmer
We were recently contacted by a Magento website owner who had been blacklisted and was experiencing McAfee SiteAdvisor “Dangerous Site” warnings. Our investigation revealed that…
Magento Killer
A malicious PHP script, aptly given the name “Magento Killer” by its creator(s), has been found targeting Magento websites. While it doesn’t actually kill the…
CC Stealing Code Pretending to be Bing Ads
Krasimir Konov During a recent investigation we found this suspicious code pretending to be associated with Bing ads.After further review, we see that the code is actually…