Hyve logo

Discuss your hosting requirements with us today

Security researchers find Malware on Magento-based sites

Hackers gain access to Magento control panels

Hyve Managed Hosting

featured image

A form of malware has been uncovered on Magento-based online shops. The operation works by card-skimming, which allows hackers to gather payment card information as it is being entered on Magento-based sites.

According to security researcher Willem de Groot, nearly 7500 sites were affected by the operation. The malware scam has affected Magento stores over the past six months, and has taken sites around two weeks to return to normal function.

Hackers have been hijacking between 50 and 60 new stores every day in the last two weeks, with no sign of this scam slowing down.

How does the scam work?
It could have happened either through Magento security holes or compromised accounts accessed via malware or brute-force.

Once malicious hackers have Hathey change the code of the store’s HTML template to include malicious Javascript to be hosted on the servers. The script (mage.js) then records customers’ keystrokes when they are typing their card number in, and security code etc.

The data is then uploaded to a server that is controlled by the hackers. The data is intercepted whilst still in the browser, rather than having to look through databases of information.

How to protect your site
If you’re running a Magento-based site, you should check immediately to see if you have been affected.

If the malware skimmer is found in your store, you should look for access points, backdoor access logs and any unauthorised changes or uploads made. Close any areas of unauthorised access and revert to a certified safe copy of the codebase.

Always make sure that you run security updates and patches, as well as using multi-factor authentication on all of your account logins.

Hyve offer Magento hosting, supported by our expert team of Magento engineers. We can offer full support for Magento sites, including patching and monitoring to ensure your store is secure and up-to-date. Give our sales team a call today on 0800 612 2524 to discuss your requirements. 

Get cloud insights to your inbox

Email icon
Alert icon
check circle

By submitting your email, you consent to the processing of your personal data for the purposes of receiving Inbox Insights emails. View our privacy policy for full details.

Insights related to Blog

Cloud specialist eyes further international growth
Read our insight
telephone
Background image

Get in touch

Alert icon
check circle
Alert icon
check circle
Alert icon
check circle
Email icon
Alert icon
check circle
Lock icon

We don't send spam to our users

Alert icon
check circle

0 of 4000 max characters

telephone