Examining Unique Magento Backdoors

During a recent investigation into a compromised Magento ecommerce environment, we discovered the presence of five different backdoors that would provide attackers with code execution capabilities. The techniques used by the attackers in these backdoo… Continue reading Examining Unique Magento Backdoors

Stylish Magento Card Stealer loads Without Script Tags

Recently one of our analysts, Weston H., found a very interesting credit card stealer in a Magento environment which loads a malicious JavaScript without using any script tags. In this post I will go over how it was found, how to decode it and how it … Continue reading Stylish Magento Card Stealer loads Without Script Tags

Server Side Scans and File Integrity Monitoring

When it comes to the ABCs of website security, server-side scans and file integrity monitoring are the “A” and “B”. In fact, our server-side scanner is one of the most crucial tools in Sucuri’s arsenal. It’s paramount in maintaining an effective securi… Continue reading Server Side Scans and File Integrity Monitoring
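The teaser above names file integrity monitoring but does not show what it does in practice. The following is an added example, not Sucuri's scanner or code from the post: it hashes every file under a document root into a baseline, then diffs a later snapshot against it and reports added, removed and modified paths. The directory layout, file names and the simulated backdoor injection in `demo()` are all constructed for the illustration.

```python
"""File integrity baseline and comparison for a web document root (added example).

Builds a SHA-256 baseline of every regular file under a directory, then compares
a later snapshot against it. The paths and file contents used in demo() are
constructed here and are not taken from any real site.
"""
import hashlib
import os
import tempfile


def hash_file(path, chunk_size=1 << 16):
    """SHA-256 of a file, read in chunks so large files are not loaded into memory."""
    h = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            h.update(chunk)
    return h.hexdigest()


def build_baseline(root):
    """Map relative path -> SHA-256 for every regular file under root.

    Symlinks are skipped rather than followed: a swapped symlink shows up as a
    removed/added path instead of silently hashing whatever it now points at.
    """
    baseline = {}
    for dirpath, _dirnames, filenames in os.walk(root):
        for name in filenames:
            full = os.path.join(dirpath, name)
            if os.path.islink(full):
                continue
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            baseline[rel] = hash_file(full)
    return baseline


def compare(baseline, current):
    """Return sorted lists of added, removed and modified relative paths."""
    base_keys, cur_keys = set(baseline), set(current)
    return {
        "added": sorted(cur_keys - base_keys),
        "removed": sorted(base_keys - cur_keys),
        "modified": sorted(p for p in base_keys & cur_keys if baseline[p] != current[p]),
    }


def demo():
    """Constructed scenario: snapshot a clean docroot, then inject a backdoor and
    tamper with a core file, and report what the comparison catches."""
    with tempfile.TemporaryDirectory() as root:
        os.makedirs(os.path.join(root, "app", "etc"))
        with open(os.path.join(root, "index.php"), "w") as fh:
            fh.write("<?php require 'app/bootstrap.php';\n")
        with open(os.path.join(root, "app", "etc", "env.php"), "w") as fh:
            fh.write("<?php return [];\n")
        baseline = build_baseline(root)

        # Simulated compromise (constructed): an eval backdoor appended to index.php
        # and a new dropper-style file placed under app/etc.
        with open(os.path.join(root, "index.php"), "a") as fh:
            fh.write("eval(base64_decode($_POST['x']));\n")
        with open(os.path.join(root, "app", "etc", "cache.php"), "w") as fh:
            fh.write("<?php @eval($_REQUEST['c']);\n")
        return compare(baseline, build_baseline(root))


if __name__ == "__main__":
    print(demo())
```

In a real deployment the baseline would be stored outside the web root (an attacker who can write to the docroot can also rewrite a baseline kept there), and the comparison would run on a schedule so that an injected file is caught within minutes rather than after customers start reporting antivirus warnings.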

Bogus CSS Injection Leads to Stolen Credit Card Details

A client recently reported their customers were receiving antivirus warnings when trying to access and purchase products from a Magento ecommerce website. This is almost always a telltale sign that something is amiss, and so I began my investigation.
Continue reading Bogus CSS Injection Leads to Stolen Credit Card Details

Another Credit Card Stealer That Pretends to Be Sucuri

During a routine investigation, we found yet another web skimmer that pretends to be related to Sucuri.
One of our Remediation Analysts, Liam Smith, found the following code injected into the database of a Magento site.
The first 109 lines of the malw… Continue reading Another Credit Card Stealer That Pretends to Be Sucuri

Backdoor Shell Dropper Deploys CMS-Specific Malware

The large majority of the malware we find on compromised websites consists of backdoors that allow an attacker to maintain unauthorized access to the site and execute whatever commands they want.
Another common scenario includes malware which is directly inject… Continue reading Backdoor Shell Dropper Deploys CMS-Specific Malware

Magento Credit Card Stealing Malware: gstaticapi

Our team recently came across a malicious script used on a Magento website titled gstaticapi, which targeted checkout processes to capture and exfiltrate stolen information.
To obtain sensitive details, the malware loads external JavaScript whenever t… Continue reading Magento Credit Card Stealing Malware: gstaticapi

CDN-Filestore Credit Card Stealer for Magento

During a website remediation, we recently discovered a new version of a Magento credit card stealer which sends all compromised data to the malicious domain cdn-filestore[dot]com. My colleague Luke Leal originally wrote about this malware in a blog po… Continue reading CDN-Filestore Credit Card Stealer for Magento

Skimmers in Images & GitHub Repos

Malwarebytes recently shared some information about web skimmers that store malicious code inside real .ico files.
During a routine investigation, we detected a similar issue. Instead of targeting .ico files, however, attackers chose to inject content… Continue reading Skimmers in Images & GitHub Repos
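Both the "Server Side Scans" entry above and this one concern the same detection problem: code hidden in a file whose extension says it is an image. The following is an added example, not Sucuri's scanner or code from either post. It checks that a file's leading bytes match the magic number expected for its extension, then searches the whole file for PHP open tags, `eval(`, `base64_decode(` and `<script` regardless of where they sit. The sample files in `demo()` are constructed byte strings; the signature list is deliberately small and would be extended in a real scanner.

```python
"""Content scan for code hidden in image files (added example).

Flags image files whose header does not match their extension and any image
file containing PHP or JavaScript markers. Sample inputs in demo() are
constructed and do not come from a real compromise.
"""
import os
import re

# Expected leading bytes per extension. A file that claims to be an image but
# starts with something else is suspicious on its own.
IMAGE_MAGIC = {
    ".ico": (b"\x00\x00\x01\x00",),
    ".png": (b"\x89PNG\r\n\x1a\n",),
    ".gif": (b"GIF87a", b"GIF89a"),
    ".jpg": (b"\xff\xd8\xff",),
    ".jpeg": (b"\xff\xd8\xff",),
}

# Minimal signature set; a real scanner carries far more and normalises encodings.
SUSPICIOUS = [
    (re.compile(rb"<\?php", re.I), "php_open_tag"),
    (re.compile(rb"\beval\s*\(", re.I), "eval_call"),
    (re.compile(rb"\bbase64_decode\s*\(", re.I), "base64_decode_call"),
    (re.compile(rb"<script\b", re.I), "script_tag"),
]


def scan_bytes(name, data):
    """Return a list of finding labels for an image file's contents.

    Non-image extensions return an empty list so callers can run this over a
    whole tree and only act on hits. Findings are emitted in SUSPICIOUS order,
    with a leading 'magic_mismatch' if the header is wrong for the extension.
    """
    ext = os.path.splitext(name)[1].lower()
    magics = IMAGE_MAGIC.get(ext)
    if magics is None:
        return []
    findings = []
    if not any(data.startswith(m) for m in magics):
        findings.append("magic_mismatch")
    for pattern, label in SUSPICIOUS:
        if pattern.search(data):
            findings.append(label)
    return findings


def scan_file(path):
    """Convenience wrapper: scan an on-disk file by path."""
    with open(path, "rb") as fh:
        return scan_bytes(path, fh.read())


def demo():
    """Constructed samples: a clean icon, an icon with PHP appended after valid
    image data, and a 'PNG' that is really a PHP file."""
    clean_ico = b"\x00\x00\x01\x00\x01\x00" + b"\x00" * 40
    injected_ico = clean_ico + b"<?php eval(base64_decode('aGk=')); ?>"
    fake_png = b"<?php @eval($_POST['c']); ?>"
    samples = {
        "favicon.ico": clean_ico,
        "favicon-injected.ico": injected_ico,
        "logo.png": fake_png,
    }
    return {name: scan_bytes(name, data) for name, data in samples.items()}


if __name__ == "__main__":
    for name, findings in demo().items():
        print(name, findings or "clean")
```

The header check matters because a valid image header followed by appended code is exactly the trick the .ico skimmers use: the file opens fine in an image viewer, so only a scan of the full contents catches it. Running this over files that a file integrity baseline reports as added or modified keeps the scan cheap on large stores.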