Benjamin Hosack

Magento Security: The Foregenix forensic team has identified a number of cases involving the same method of brute-force attack.

Attackers gained access to the Magento Connect Manager of multiple Magento websites through a brute-force attack. This was possible due to a combination of weak passwords, open access to the website’s Magento extension download page (www./downloader/.cache/community), and open access to the Magento Connect Manager login page itself (www./downloader/index.php), neither of which should be publicly available.

The attackers were then able to upload a genuine, non-malicious extension by Magpleasure which allows total editing of Magento files straight from the administration panel, granting the hacker full control of the Magento environment.

This was then followed by two webshells being uploaded to the website, allowing an attacker to add/edit/delete files within the web root. 
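
The access pattern described above leaves traces in the web server's access log. The following Python check is an added example, not taken from the Foregenix whitepaper; it assumes the Apache/nginx combined log format and a threshold of 5 login POSTs per client IP, and it runs on constructed sample log lines.

```python
import re
from collections import Counter

# Combined log format (Apache/nginx default); assumed, adjust to your server.
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) '
)
LOGIN_PATH = "/downloader/index.php"         # Magento Connect Manager login
CACHE_PATH = "/downloader/.cache/community"  # extension download cache
POST_THRESHOLD = 5  # assumed: login POSTs per IP within the analysed log window

def analyse(lines, threshold=POST_THRESHOLD):
    """Return (brute_force_ips, exposed_cache_hits) for an iterable of log lines."""
    login_posts = Counter()
    cache_hits = []
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # skip malformed lines rather than guessing
        path = m["path"].split("?", 1)[0]
        if m["method"] == "POST" and path == LOGIN_PATH:
            login_posts[m["ip"]] += 1
        # A 2xx on the extension cache means the directory is publicly readable.
        if path.startswith(CACHE_PATH) and m["status"].startswith("2"):
            cache_hits.append((m["ip"], path))
    brute = {ip: n for ip, n in login_posts.items() if n >= threshold}
    return brute, cache_hits

# Constructed sample log lines (documentation IP ranges only).
SAMPLE = [
    f'203.0.113.7 - - [01/Jan/2016:10:00:{s:02d} +0000] '
    f'"POST /downloader/index.php HTTP/1.1" 200 1843 "-" "-"'
    for s in range(8)
] + [
    '198.51.100.4 - - [01/Jan/2016:10:01:00 +0000] '
    '"POST /downloader/index.php HTTP/1.1" 200 1843 "-" "-"',
    '203.0.113.7 - - [01/Jan/2016:10:02:00 +0000] '
    '"GET /downloader/.cache/community/ HTTP/1.1" 200 912 "-" "-"',
    '198.51.100.4 - - [01/Jan/2016:10:03:00 +0000] '
    '"GET /downloader/.cache/community/ HTTP/1.1" 403 199 "-" "-"',
    '192.0.2.9 - - [01/Jan/2016:10:04:00 +0000] "GET / HTTP/1.1" 200 5120 "-" "-"',
]

if __name__ == "__main__":
    brute, cache = analyse(SAMPLE)
    print("possible brute force:", brute, "| public cache access:", cache)
```

Any hit in the second list means the extension cache is served to the public, which is the misconfiguration described above, regardless of whether a brute-force run is visible in the same log window.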

Detection

We have outlined how you can detect this malware yourself in a technical Whitepaper which you can download using the button below. 

Download this Whitepaper

Alternatively, we are offering a free 7-day trial of Vngo to allow you to scan your website internally for these webshells.

Scan your site with FGX-Web


Benjamin Hosack

Benj Hosack is a Director and co-Founder of Foregenix Limited. Foregenix is a specialist information security business delivering services in Forensics, PCI DSS, PCI P2PE, PA-DSS and information security solutions within the Payment Card Industry. Our technologies are designed to simplify security and PCI Compliance. Specialties: Cardholder Data Discovery - defining and reducing PCI DSS Scope / PA-DSS / PCI DSS / P2PE / Account Data Compromise Investigations. We are specialists in the Payment Card Industry and work with all types of companies in the payment chain (Acquiring banks, Processors, hosting providers, web designers, merchants, systems integrators etc).
