Benjamin Hosack
2 min read

Attention Magento Website Owners:

magentologo

The Foregenix forensic team has recently identified a new data compromise of Magento websites called Magento Phantom.  This malware is very difficult to detect and is affecting escalating numbers of websites.

What’s the threat?

The Magento Phantom malware allows unauthorized users to access the impacted site and make system modifications to harvest payment card details, as well as other confidential information belonging to both customers and the compromised websites.

How do you know if you have been hacked by Magento Phantom?

Website owners can identify if they have been affected in 3 different ways:

  •        Use our FGX-Web Alert solution to check your website.  We have a 30 day free trial that would be plenty to understand if you have been hacked by Magento Phantom or not. FGX-Web Alert incorporates checks for Magento Phantom, as well as monitoring for other malware/backdoors/shells that could be used to compromise your website. Our team is on standby to provide unlimited support to remove malware/shells/backdoors for FGX-Web users.   
  •        Use our white paper to conduct a check yourself.  Its a manual process and you would be recommended to carry out regular checks to make sure that your website does not get attacked in the next few weeks/months.
  •        Do nothing and wait for your bank to contact you to say you have been hacked and need a forensic investigation.  (Not a recommended course of action!)

How do you protect your website from Magento Phantom?

Protection of your website is straightforward:

  •        Do not upload plugins/extensions that are not from a trusted source.
  •        Sign up for FGX-Web Alert to provide ongoing monitoring and support from the Foregenix team.
  •        Ensure your have a strong password policy for admin access to your website.

There are many other protective controls you could add – take a look at the Payment Card Industry Data Security Standard for a guide on the minimum set of controls you should have protecting your customer data.  After all, while credit card data is highly valuable right now, very soon businesses will be facing severe penalties for losing personally identifiable information too.  

Download our Whitepaper

Alternatively, you can download our Whitepaper which includes more details on how to detect and identify Magento Phantom Malware on your website.

You can download the Whitepaper here.

Subscribe to our Blog

Contact Us

Access cybersecurity advisory services

 

Benjamin Hosack
Benjamin Hosack

Benj Hosack is a Director and co-Founder of Foregenix Limited. Foregenix is a specialist information security business delivering services in Forensics, PCI DSS, PCI P2PE, PA-DSS and information security solutions within the Payment Card Industry. Our technologies are designed to simplify security and PCI Compliance. Specialties: Cardholder Data Discovery - defining and reducing PCI DSS Scope / PA-DSS / PCI DSS / P2PE / Account Data Compromise Investigations. We are specialists in the Payment Card Industry and work with all types of companies in the payment chain (Acquiring banks, Processors, hosting providers, web designers, merchants, systems integrators etc).

See All Articles
SUBSCRIBE

Subscribe to our blog

Security never stops. Get the most up-to-date information by subscribing to the Foregenix blog.