Old Magento bug still biting etailers

Magento malware poses as a patch for a year-old vulnerability.

If you run a Magento-based online store, you may recall Sucuri's warning about an important update for the ecommerce software that fixed a bug that could allow attackers to take over a site.

The same company is now warning that the Bad Guys are taking advantage of a year-old Magento vulnerability in a very sneaky way - a fake version of Magento's SUPEE-5344 patch is circulating, and instead of patching the ecommerce software it is actually malware that exploits the vulnerability it purports to fix!

The malware is able to steal customers' login credentials and other information. It also allows the modification of various files, which could be used to extract payment information (i.e., credit card details) when customers place orders.

So if you are still using a version of Magento that was released before February 2015, make sure the real SUPEE-5344 patch has been applied. And ask yourself why you're using an out-of-date and insecure version of the software for such an important function.

Sucuri's description of the fake patch includes some tips for maintaining the security of Magento sites.

And if you're a buyer rather than a seller, the same article has some tips for safer internet shopping.

Copyright © BIT (Business IT). All rights reserved.
