Security researchers find malware on Magento-based sites

Written by:
Lucie Sadler
Date Posted:
5 September 2018
Category:
Security

A form of malware has been uncovered on Magento-based online shops. The operation works by card-skimming, which allows hackers to gather payment card information as it is being entered on Magento-based sites.

According to security researcher Willem de Groot, nearly 7500 sites were affected by the operation. The malware scam has affected Magento stores over the past six months, and affected sites have taken around two weeks to return to normal function.

Hackers have been hijacking between 50 and 60 new stores every day in the last two weeks, with no sign of this scam slowing down.

How does the scam work?

The initial compromise could have happened either through Magento security holes or through compromised accounts accessed via malware or brute-force attacks.

Once malicious hackers have gained access to a user’s Magento control panel, they change the code of the store’s HTML template to include malicious JavaScript, which is then hosted on the servers. The script (mage.js) then records customers’ keystrokes as they type in their card number, security code and other details.

The data is then uploaded to a server that is controlled by the hackers. The data is intercepted whilst still in the browser, so the hackers do not have to look through databases of information.

How to protect your site

If you’re running a Magento-based site, you should check immediately to see if you have been affected.
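One way to run that check against a rendered storefront page is sketched below. This is an added example, not code from Hyve or from the researcher: the host allowlist and the sample page are constructed, and the only detail taken from the article is the script name mage.js.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumption: hosts this store deliberately loads scripts from (constructed values).
ALLOWED_HOSTS = {"shop.example", "cdn.shop.example"}
# File name the article gives for the skimmer script.
KNOWN_BAD_NAMES = {"mage.js"}


class ScriptCollector(HTMLParser):
    """Collect the src attribute of every <script> tag in a page."""

    def __init__(self):
        super().__init__()
        self.sources = []

    def handle_starttag(self, tag, attrs):
        if tag == "script":
            src = dict(attrs).get("src")
            if src:
                self.sources.append(src.strip())


def audit_scripts(html, allowed_hosts=ALLOWED_HOSTS):
    """Return (src, reason) pairs for script tags that need manual review."""
    collector = ScriptCollector()
    collector.feed(html)
    findings = []
    for src in collector.sources:
        parsed = urlparse(src)
        host = (parsed.hostname or "").lower()  # empty for relative URLs
        name = parsed.path.rsplit("/", 1)[-1].lower()
        if name in KNOWN_BAD_NAMES:
            findings.append((src, "file name reported for the skimmer"))
        elif host and host not in allowed_hosts:
            findings.append((src, "host not on the allowlist"))
    return findings


# Constructed sample of a rendered storefront page (not a real capture).
SAMPLE_PAGE = """
<html><head>
<script src="/js/prototype/prototype.js"></script>
<script src="https://cdn.shop.example/skin/checkout.js"></script>
<script src="//static.unknown-host.example/lib.js"></script>
<script src="https://assets.unknown-host.example/mage.js"></script>
</head><body></body></html>
"""

if __name__ == "__main__":
    for src, reason in audit_scripts(SAMPLE_PAGE):
        print(f"REVIEW {src}: {reason}")
```

The check only covers script tags that have a src attribute; inline script blocks and the template files on disk still need comparing against a known-good copy of the codebase.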

If the malware skimmer is found in your store, you should look for access points, backdoor access logs and any unauthorised changes or uploads made. Close any areas of unauthorised access and revert to a certified safe copy of the codebase.

Always make sure that you run security updates and patches, and use multi-factor authentication on all of your account logins.

Magento Hosting

Hyve offer Magento hosting, supported by our expert team of Magento engineers. We can offer full support for Magento sites, including patching and monitoring to ensure your store is secure and up-to-date.
