

Self-Healing Malware Discovered, Magento Websites Attacked

Magento has been targeted once again by new malware that is capable of self-healing. This process is possible thanks to hidden code in the targeted website’s database. The researcher who came across the new malware pattern is Jeroen Boersma. However, Willem de Groot is the one who analyzed it.

This malware strain is not the first to place hidden code in a website’s database but is indeed the first one written in SQL as a stored procedure, as explained by researchers.

As a matter of fact, the average JavaScript-based malware is typically injected into the static header or footer HTML definitions in the website’s database. Cleaning these records used to be enough to get rid of this type of malware. Unfortunately, this procedure won’t do the job with the newly discovered threat. In short, the new malware can restore itself once it has been deleted.

How is an attack carried out?

The malware's database trigger is executed every time a new order is made. Its query checks for the existence of the malware in the header, footer, copyright and every CMS block. If the code is absent, the malware re-adds itself.

This discovery shows that a new phase of malware evolution has begun. Unfortunately, simply scanning files is not enough anymore, as malware detection methods should include database analysis, researchers add.
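A sketch of the database check this implies, as an added example that is not from the article or from the researchers' scanner: it reviews trigger definitions exported from MySQL's `information_schema.TRIGGERS` and flags any that write to storefront content. The table names assume a default Magento 1 schema, and the sample rows are constructed.

```python
import re

# Run against the shop database to export every trigger definition (MySQL).
TRIGGER_QUERY = """
SELECT TRIGGER_NAME, EVENT_OBJECT_TABLE, EVENT_MANIPULATION, ACTION_STATEMENT
FROM information_schema.TRIGGERS
WHERE TRIGGER_SCHEMA = DATABASE()
"""

# Assumption: default Magento 1 table names; a table prefix is tolerated.
CONTENT_TABLES = ("core_config_data", "cms_block", "cms_page")
ORDER_TABLE = re.compile(r"sales_(flat_)?order", re.I)
WRITE = re.compile(
    r"\b(?:UPDATE|(?:INSERT|REPLACE)(?:\s+IGNORE)?\s+INTO)\s+`?(\w+)", re.I)
MARKUP = re.compile(r"<\s*script|design/(head|footer)/", re.I)

def audit_trigger(row):
    """Return the reasons a trigger needs manual review (empty list if none)."""
    body = row["ACTION_STATEMENT"]
    reasons = []
    written = {m.group(1).lower() for m in WRITE.finditer(body)}
    hit = sorted(t for t in written if t.endswith(CONTENT_TABLES))
    if hit:
        reasons.append("writes to storefront content: " + ", ".join(hit))
    if MARKUP.search(body):
        reasons.append("body references script markup or design config paths")
    if reasons and ORDER_TABLE.search(row["EVENT_OBJECT_TABLE"]):
        reasons.append("fires on order table " + row["EVENT_OBJECT_TABLE"])
    return reasons

def audit(rows):
    """Map trigger name -> reasons, for flagged triggers only."""
    found = {r["TRIGGER_NAME"]: audit_trigger(r) for r in rows}
    return {name: why for name, why in found.items() if why}

SAMPLE_ROWS = [  # constructed rows shaped like the query's result set
    {"TRIGGER_NAME": "after_insert_order",
     "EVENT_OBJECT_TABLE": "sales_flat_order", "EVENT_MANIPULATION": "INSERT",
     "ACTION_STATEMENT": "BEGIN UPDATE cms_block SET content = CONCAT(content, "
         "'<script src=\"//cdn.example.invalid/a.js\"></script>'); END"},
    {"TRIGGER_NAME": "trg_product_after_update",
     "EVENT_OBJECT_TABLE": "catalog_product_entity", "EVENT_MANIPULATION": "UPDATE",
     "ACTION_STATEMENT": "BEGIN INSERT IGNORE INTO catalog_product_flat_cl "
         "(entity_id) VALUES (NEW.entity_id); END"},
]

if __name__ == "__main__":
    for name, why in audit(SAMPLE_ROWS).items():
        print(name, "->", "; ".join(why))
```

Any flagged trigger should be read in full before it is dropped, and the cleaned header, footer and CMS records checked again after the next order is placed.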

Magento platforms are often targeted by malware. The new instance is typically capable of harvesting user card information, but is also capable of preserving itself for an unspecified period of time.

Willem de Groot (the researcher who analyzed the malware) has updated the malware scanner which contains a collection of rules and samples to detect Magento malware. Website owners can now do a sweep to make sure everything is alright with their platforms.

Last year Magento websites were targeted by ransomware known as KimcilWare. The threat encrypted webserver files and added its index file on victimized servers. The extension .kimcilware could be seen all over the Index page.

Milena Dimitrova

An inspired writer, focused on user privacy and malicious software. Enjoys 'Mr. Robot' and fears '1984'.
