Home > Cyber News > Self-Healing Malware Discovered, Magento Websites Attacked
CYBER NEWS

Self-Healing Malware Discovered, Magento Websites Attacked

by   |  Last Update:  |  0 Comments  

Magento has been targeted once again by new malware that is capable of self-healing. This process is possible thanks to hidden code in the targeted website’s database. The researcher who came across the new malware pattern is Jeroen Boersma. However, Willem de Groot is the one who analyzed it.

This malware strain is not the first to place hidden code in a website’s database but is indeed the first one written in SQL as a stored procedure, as explained by researchers.

As a matter of fact, the average Javascript-based malware is typically injected in the static header or footer HTML definitions in the website’s database. Cleaning these records used to be enough to get rid of this type of malware. Unfortunately, this procedure won’t do the job with the newly discovered threat. Shortly said, the new malware can restore itself once it has been deleted.

How is an attack carried out?

The trigger is executed every time a new order is made. The query checks for the existence of the malware in the header, footer, copyright and every CMS block. If absent, it will re-add itself.

This discovery shows that a new phase of malware evolution has begun. Unfortunately, simply scanning files is not enough anymore, as malware detection methods should include database analysis, researchers add.

Magento platforms are often targeted by malware. The new instance is typically capable of harvesting user card information, but is also capable of preserving itself for unspecified period of time.

Willem de Groot (the researcher who analyzed the malware) has updated the malware scanner which contains a collection of rules and samples to detect Magento malware. Website owners can now do a sweep to make sure everything is alright with their platforms.

Last year Magento websites were targeted by ransomware known as KimcilWare. The threat encrypted webserver files and added its index file on victimized servers. The extension .kimcilware could be seen all over the Index page.

Milena Dimitrova

An inspired writer and content manager who has been with SensorsTechForum since the project started. A professional with 10+ years of experience in creating engaging content. Focused on user privacy and malware development, she strongly believes in a world where cybersecurity plays a central role. If common sense makes no sense, she will be there to take notes. Those notes may later turn into articles! Follow Milena @Milenyim

More Posts

Follow Me:
Twitter

Related posts:
  1. KimcilWare Ransomware Hits Magento Sites Websites using the Magento platform have been hit by ransomware....
  2. CVE-2022-24086: Zero-Day in Adobe Commerce and Magento Platforms CVE-2022-24086 is a critical, zero-day security vulnerability affecting Adobe’s Commerce...
  3. Vulnerable Magento Extensions Exploited to Plant Skimmers Threat actors have once again targeted the Magento platform. The...
  4. CVE-2022-24087: Yet Another Critical Bug in Adobe Magento CVE-2022-24087 is another critical vulnerability that Adobe had to address...
  5. Vulnerabilities Revealed in Yahoo, PayPal, Shopify and Magento Apps Researchers have disclosed information about certain vulnerabilities inside web and...
  6. More than 150 Vulnerabilities Discovered in US Marine Corp Websites As much as 150 vulnerabilities were discovered by white hat...
  7. MagentoCore: the Most Aggressive Skimmer Infects 60 Stores per Day Security researcher Willem de Groot recently unearthed the most successful...
  8. “Drupal” Ransomware Uses SQL Injection to Lock Drupal Websites “Website is locked. Please transfer 1.4 BitCoin to address 3M6SQh8Q6d2j1B4JRCe2ESRLHT4vTDbSM9...

Leave a Comment

Your email address will not be published. Required fields are marked *

This website uses cookies to improve user experience. By using our website you consent to all cookies in accordance with our Privacy Policy.
I Agree