Security researchers have discovered a widespread attack on Magento stores. Magento is one of the more popular platforms for building online stores, so it should not be surprising that it attracts attention from criminal elements.
US-based security firm Sucuri has discovered an attack on many thousands of Magento stores.
The attack appears to be automated, according to Sucuri, and gives the miscreants access to the database used by Magento. This means they can create admin user accounts, and use them for additional purposes.
The attackers seem to be using the Magento vulnerability to co-opt sites into delivering malware to visitors' computers. That malware steals financial credentials and ropes the computer into a botnet, according to Malwarebytes.
So what should you do if you run a store on Magento?
If you're technically competent, Sucuri provides some tips for detecting and cleaning out the Magento malware.
Otherwise you probably delegate the technical stuff to someone else, so make sure that they are aware of the issue and have confirmed that your site is still clean. Apart from any other considerations, Google is blocking access to infected sites and the loss of that traffic could have a significant effect on your sales.
According to a Magento statement, the company thinks the malware most commonly exploits a vulnerability that was fixed early this year. That shows the importance of keeping your software up to date.
But it went on to warn: "The malware can also take advantage of situations where an administrative account has been compromised through weak passwords, phishing, or any other unpatched vulnerability that allows for administrative access, so it is important to check for fake user accounts or leftover demo accounts."
Magento has published instructions that outline how to check whether a site has been infected, how to clean up if necessary, and how to secure the site.