eCommerce Security – WindowsTechs.com

Examining Unique Magento Backdoors

Posted on August 4, 2021 by Liam Smith

During a recent investigation into a compromised Magento ecommerce environment, we discovered the presence of five different backdoors that would provide attackers with code execution capabilities. The techniques used by the attackers in these backdoo… Continue reading Examining Unique Magento Backdoors→

WooCommerce Credit Card Skimmer Hides in Plain Sight

Posted on May 28, 2021 by Ben Martin

Recently, a client’s customers were receiving a warning from their anti-virus software when they navigated to the checkout page of the client’s ecommerce website. Antivirus software such as Kaspersky and ESET would issue a warning but only once a prod… Continue reading WooCommerce Credit Card Skimmer Hides in Plain Sight→

WooCommerce Credit Card Swiper Hides in Plain Sight

Posted on May 28, 2021 by Ben Martin

Magento PHP Injection Loads JavaScript Skimmer

Posted on January 21, 2021 by Luke Leal

A Magento website owner was concerned about malware and reached out to our team for assistance. Upon investigation, we found the website contained a PHP injection in one of the Magento files: ./app/code/core/Mage/Payment/Model/Method/Cc.php
…
if ($_… Continue reading Magento PHP Injection Loads JavaScript Skimmer→

Real-Time Phishing Kit Targets Brazilian Central Bank

Posted on January 14, 2021 by Luke Leal

We recently found an interesting phishing kit on a compromised website that has QR code capabilities, along with the ability to control the phishing page in real time. What our investigation revealed was that attackers were leveraging PIX, a new payme… Continue reading Real-Time Phishing Kit Targets Brazilian Central Bank→

Fake WordPress Functions Conceal assert() Backdoor

Posted on December 8, 2020 by Douglas Santos

A few weeks ago, I was manually inspecting some files on a compromised website. While checking on a specific WooCommerce file, I noticed something interesting.
Among 246 other lines, this very specific part stood out to me:
$config = wp_dbase_config_i… Continue reading Fake WordPress Functions Conceal assert() Backdoor→

PrestaShop SuperAdmin Injector and Login Stealer

Posted on November 18, 2020 by Luke Leal

According to W3Tech’s data, PrestaShop is among the most popular CMS choices for existing ecommerce websites, so it should come as no surprise that malware has been created to specifically target these environments.
We recently came across an infected… Continue reading PrestaShop SuperAdmin Injector and Login Stealer→

Another Credit Card Stealer That Pretends to Be Sucuri

Posted on November 12, 2020 by Denis Sinegubko

During a routine investigation, we found yet another web skimmer that pretends to be related to Sucuri.
One of our Remediation Analysts, Liam Smith, found the following code injected into the database of a Magento site.
The first 109 lines of the malw… Continue reading Another Credit Card Stealer That Pretends to Be Sucuri→

Magento Credit Card Stealing Malware: gstaticapi

Posted on September 25, 2020 by Krasimir Konov

Our team recently came across a malicious script used on a Magento website titled gstaticapi, which targeted checkout processes to capture and exfiltrate stolen information.
To obtain sensitive details, the malware loads external javascript whenever t… Continue reading Magento Credit Card Stealing Malware: gstaticapi→

CDN-Filestore Credit Card Stealer for Magento

Posted on August 18, 2020 by Krasimir Konov

During a website remediation, we recently discovered a new version of a Magento credit card stealer which sends all compromised data to the malicious domain cdn-filestore[dot]com. My colleague Luke Leal originally wrote about this malware in a blog po… Continue reading CDN-Filestore Credit Card Stealer for Magento→