Alert: Magento "Cloud Harvester" Malware Targeting Insecure Websites
Magento websites are under attack from a new credit card harvesting technique, dubbed "CLOUD HARVESTER", designed to evade detection while skimming payment card data entered into the checkout iframes of major payment processors.
The Foregenix Forensic Team regularly finds new techniques that attackers adopt in an attempt to remain undetected on victim websites, and it seems they have added a new tactic for attacking Shoplift-affected eCommerce sites. Not only has the way traditional cardholder data harvesting is executed changed; the malicious payload is now retrieved from an external resource at runtime instead of being stored on the compromised site.
The basics of the standard client-side attack are straightforward and follow this process:
- An attacker exploits the Magento Shoplift vulnerability to gain access to the website through SQL injection.
(Magento Shoplift is not a new vulnerability: Magento issued an alert for it in February 2015 together with patch SUPEE-5344, the "Shoplift Bug" patch, and we also pushed an alert out to our client base.)
- This access lets them insert data or code (malware) directly into the site's database. Because Magento renders certain content, such as design configuration values and CMS blocks and pages, straight from the database, attackers can push malicious code into an eCommerce website that never actually "touches the disk". Normal file-system-based scanning will therefore miss the compromise; the analysis has to consider the database content as well.
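Because the loader lives in the database rather than on disk, the check a practitioner wants is a scan of the database-rendered content areas for injected JavaScript and for scripts pulled from external hosts. The script below is an added example written for this page, not Foregenix's tooling or a Magento component. The table and column names (core_config_data, cms_block, cms_page) are those of a Magento 1 schema; the rows, the attacker host and the store's trusted hostnames are constructed, and an in-memory SQLite copy stands in for the store's MySQL database so the example runs offline.

```python
"""Scan the database-rendered content of a Magento 1 store for injected
JavaScript: inline <script> blocks, obfuscation primitives, and script
tags that load code from a host the shop does not own.

Added example for this page (not Foregenix's or Magento's code).
Table/column names follow the Magento 1 schema; sample rows, hostnames
and the SQLite stand-in for MySQL are constructed for the demo.
"""
import re
import sqlite3

# Hostnames the shop legitimately serves scripts from (assumed).
TRUSTED_HOSTS = {"www.example-shop.com", "example-shop.com"}

# core_config_data paths whose values Magento 1 injects as raw HTML
# into every storefront page.
CONFIG_PATHS = (
    "design/head/includes",
    "design/head/demonotice",
    "design/footer/absolute_footer",
    "design/footer/copyright",
)

SCRIPT_TAG = re.compile(r"<script\b([^>]*)>", re.I)
SRC_ATTR = re.compile(r"src\s*=\s*['\"]?([^'\"\s>]+)", re.I)
URL_HOST = re.compile(r"(?:https?:)?//([^/?#]+)", re.I)

# Primitives commonly used to hide or stage a remotely fetched payload.
OBFUSCATION_PATTERNS = [
    (re.compile(r"\beval\s*\(", re.I), "eval()"),
    (re.compile(r"String\.fromCharCode", re.I), "String.fromCharCode decoding"),
    (re.compile(r"\batob\s*\(", re.I), "atob() base64 decoding"),
    (re.compile(r"document\.write\s*\(", re.I), "document.write()"),
    (re.compile(r"\.src\s*=\s*['\"]?(?:https?:)?//", re.I), "dynamic script src assignment"),
]


def scan_content(location, content, trusted_hosts=TRUSTED_HOSTS):
    """Return (location, reason) findings for one database content blob."""
    findings = []
    for attrs in SCRIPT_TAG.findall(content):
        src = SRC_ATTR.search(attrs)
        if src is None:
            findings.append((location, "inline <script> block"))
            continue
        host = URL_HOST.match(src.group(1))
        # Relative src paths point at the shop's own files; skip them.
        if host and host.group(1).lower() not in trusted_hosts:
            findings.append((location, f"script loaded from external host {host.group(1)}"))
    for pattern, reason in OBFUSCATION_PATTERNS:
        if pattern.search(content):
            findings.append((location, reason))
    return findings


def scan_database(conn, trusted_hosts=TRUSTED_HOSTS):
    """Walk config values, CMS blocks and CMS pages and collect findings."""
    findings = []
    cur = conn.cursor()
    marks = ",".join("?" * len(CONFIG_PATHS))
    for path, scope, scope_id, value in cur.execute(
            f"SELECT path, scope, scope_id, value FROM core_config_data "
            f"WHERE path IN ({marks})", CONFIG_PATHS):
        findings += scan_content(f"core_config_data:{path}[{scope}/{scope_id}]",
                                 value or "", trusted_hosts)
    for table in ("cms_block", "cms_page"):  # fixed names, safe to interpolate
        for identifier, content in cur.execute(
                f"SELECT identifier, content FROM {table}"):
            findings += scan_content(f"{table}:{identifier}", content or "", trusted_hosts)
    return findings


def build_sample_db():
    """Constructed stand-in for a compromised store's database."""
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
        CREATE TABLE core_config_data (config_id INTEGER PRIMARY KEY, scope TEXT,
                                       scope_id INTEGER, path TEXT, value TEXT);
        CREATE TABLE cms_block (block_id INTEGER PRIMARY KEY, identifier TEXT,
                                content TEXT, is_active INTEGER);
        CREATE TABLE cms_page (page_id INTEGER PRIMARY KEY, identifier TEXT,
                               content TEXT, is_active INTEGER);
    """)
    conn.executemany("INSERT INTO core_config_data VALUES (NULL, ?, ?, ?, ?)", [
        ("default", 0, "design/head/includes",
         '<link rel="stylesheet" href="/skin/frontend/base/default/css/print.css" />'),
        # Injected loader: fetches the real skimmer from an attacker host (constructed).
        ("default", 0, "design/footer/absolute_footer",
         '<script type="text/javascript" src="//cdn.stats-example.net/jquery.min.js"></script>'),
    ])
    conn.executemany("INSERT INTO cms_block VALUES (NULL, ?, ?, 1)", [
        ("footer_links", "<ul><li><a href='/contact'>Contact</a></li></ul>"),
        ("promo_banner", "<div>Sale</div><script>eval(String.fromCharCode("
                         "100,111,99,117,109,101,110,116))</script>"),
    ])
    conn.executemany("INSERT INTO cms_page VALUES (NULL, ?, ?, 1)", [
        ("home", '<p>Welcome</p><script src="https://www.example-shop.com/js/tracker.js"></script>'),
    ])
    return conn


if __name__ == "__main__":
    for location, reason in scan_database(build_sample_db()):
        print(f"{location}: {reason}")
```

Against a live store, point the cursor at the real MySQL database and extend TRUSTED_HOSTS with the CDN and payment-provider hosts the shop genuinely uses; every remaining external script host is a lead, and the config paths above are the first places to look because Magento emits their contents on every page.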
For full details of "CLOUD HARVESTER", including detection and prevention, please visit the Foregenix blog at: http://blog.foregenix.com/alert-magento-cloud-harvester-malware-targeting-insecure-websites
Full details of the Magento Shoplift patch are at: https://magento.com/security/patches/supee-5344-%E2%80%93-shoplift-bug-patch