The malware, discovered by Jeroen Boersma and analyzed by Willem de Groot, steals user card information and starts execution whenever a user places a new order.
When this happens, a malicious database trigger executes before Magento puts together the PHP code and assembles the page. This database trigger checks if the malwares malicious JavaScript code is present in the stores header, footer, and copyright section. Moreover, it also checks various Magento CMS blocks where the malicious code could also reside.
While this is not the first web malware that hides code in the websites database, this is the first one that is written in SQL, as a stored procedure, in this case, a Mangeto database trigger operation, according to Bleeping Computer.
Store owners are advised by security specialists to scan their shops via de Groots two tools, MageReport and the Magento Malware Scanner, which have received updates to detect this new class of malware.
The Paypers is the Netherlands-based leading independent source of news and intelligence for professional in the global payment community.
The Paypers provides a wide range of news and analysis products aimed at keeping the ecommerce, fintech, and payment professionals informed about the latest developments in the industry.
Current themes
No part of this site can be reproduced without explicit permission of The Paypers (v2.7).
Privacy Policy / Cookie Statement
Copyright