Hackers Exploiting Gullible Magento Site Administrators

Nexcess recently released a report on a recent exploit that used fake Magento Extensions to skim credit card information from affected Magento websites. While some of the stores appear to have been breached by guessing simple admin usernames and passwords, others were the result of site administrators installing Magento Extensions that included backdoors giving the hackers remote access to the website. Once the backdoor was installed, the hackers modified core Magento files so that whenever a credit card order was placed, the credit card information was appended to a text file disguised with an image file extension (.jpg, .gif or .bmp) and saved in the /media directory, allowing the hackers, and anyone else on the internet, to download the credit card information.

There may be many variations of these affected Magento Extensions in the wild, not just the ones mentioned here. Before you install any Magento Extension on a website that processes credit card transactions, perform a code review of the extension and watch for suspicious code changes, in particular anything that touches core Magento files. A quality Magento Extension will never directly modify core Magento files; it overrides the relevant classes within the extension's own directory instead.
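A quick check for the drop-file symptom described above, written here as an added example (not from the Nexcess report or this post): it walks a Magento /media tree and flags any file whose extension claims an image but whose header bytes are not an image signature. The fixture directory, file names and contents are constructed for the demonstration.

```python
import os
import tempfile
from pathlib import Path

# Header signatures for the image types the skimmer's drop files impersonated
MAGIC = {
    ".jpg": (b"\xff\xd8\xff",),
    ".jpeg": (b"\xff\xd8\xff",),
    ".gif": (b"GIF87a", b"GIF89a"),
    ".bmp": (b"BM",),
    ".png": (b"\x89PNG\r\n\x1a\n",),
}


def is_fake_image(path: Path) -> bool:
    """True when the extension claims an image but the header does not match (an empty file also counts)."""
    ext = path.suffix.lower()
    if ext not in MAGIC:
        return False  # not an image name; out of scope for this check
    with path.open("rb") as f:
        head = f.read(16)
    return not any(head.startswith(sig) for sig in MAGIC[ext])


def scan_media(media_dir) -> list:
    """Return paths (relative to media_dir) of image-named files that are not images."""
    hits = []
    for root, _dirs, files in os.walk(media_dir):
        for name in files:
            p = Path(root) / name
            if is_fake_image(p):
                hits.append(p.relative_to(media_dir).as_posix())
    return sorted(hits)


def build_sample_media() -> str:
    """Constructed fixture: two real image headers plus a text file hidden under a .jpg name."""
    d = Path(tempfile.mkdtemp(prefix="media_"))
    (d / "catalog").mkdir()
    (d / "catalog" / "logo.gif").write_bytes(b"GIF89a" + b"\x00" * 20)
    (d / "catalog" / "photo.jpg").write_bytes(b"\xff\xd8\xff\xe0" + b"\x00" * 20)
    (d / "tmp").mkdir()
    # Stand-in for the skimmer's drop file; the values are placeholders, not real card data.
    (d / "tmp" / "cache.jpg").write_text("order=PLACEHOLDER|name=PLACEHOLDER|card=[REDACTED]\n")
    (d / "readme.txt").write_text("plain text with an honest extension, not flagged\n")
    return str(d)


if __name__ == "__main__":
    for hit in scan_media(build_sample_media()):
        print("suspicious image-named file:", hit)
```

Run it against the real /media directory on a Magento host; anything it flags deserves a look at the file contents and at recent changes to core checkout and payment files.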

The Magento Extension names that are known to be affected include:

  1. Unigry GiftCert

  2. RetailTower Feed_Manager

  3. Unirgy Instaler

Note: Even though Unirgy's and RetailTower's names are used on these extensions, those companies have nothing to do with the exploit. Their names are simply being used to hide malicious code behind a real extension's name.
