The malware, discovered by Jeroen Boersma and analyzed by Willem de Groot, steals user card information and starts execution whenever a user places a new order.
When this happens, a malicious database trigger executes before Magento puts together the PHP code and assembles the page. This database trigger checks if the malwares malicious JavaScript code is present in the stores header, footer, and copyright section. Moreover, it also checks various Magento CMS blocks where the malicious code could also reside.
While this is not the first web malware that hides code in the websites database, this is the first one that is written in SQL, as a stored procedure, in this case, a Mangeto database trigger operation, according to Bleeping Computer.
Store owners are advised by security specialists to scan their shops via de Groots two tools, MageReport and the Magento Malware Scanner, which have received updates to detect this new class of malware.
Every day we send out a free e-mail with the most important headlines of the last 24 hours.
Subscribe now