Benjamin Hosack
2 min read

Recent forensic cases have highlighted a new attack for Magento websites that is highly effective at stealing payment card data.  If you run a Magento website, you need to be aware of this.

Magento Malware stealing payment card data

Filesman:02 Backdoor - Again

Websites are being compromised via the Filesman backdoor, which allows attackers to access, modify and reinfect a website. Filesman is usually well hidden within the filesystem and difficult to locate (FGX-Web automatically detects Filesman and many other well-known and lesser-known Magento malware - as well as malware for other platforms).

The Attack

In this attack, the hackers use Filesman to leverage their access on the web server and then load malicious code into two files that form part of the core Magento payment framework. This means that any code contained within these pages is executed when any payments are taken on the website.

The Malicious Code

Magento_Malware

The code creates a function – the naming of the function can be almost anything. The function creates a file, masquerading as a JPEG image, within the media catalog directory structure - again the specific placement and filename are easily changed.

The code leverages predefined variables and methods from the Magento framework to concatenate the checkout information to the dynamic filename with a delimiter character that the attacker could also change as needed.

How to detect this attack?

Install FGX-Web on your website to run the malware checks, file change monitoring and to provide a web application firewall to filter out further attacks.FGX-Web will identify Filesman backdoor malware and will also scan forthe unprotected payment card data that this attack collects from each transaction.

Scan your  Website Now

Need help?

If you want to improve your Magento security, we have a team of security specialists who are available to advise, help you clean up your website and regain control of your online business. Fill in the form below and we'll get back to you immediately.

Subscribe to our Blog

Contact Us

Access cybersecurity advisory services

 

Benjamin Hosack
Benjamin Hosack

Benj Hosack is a Director and co-Founder of Foregenix Limited. Foregenix is a specialist information security business delivering services in Forensics, PCI DSS, PCI P2PE, PA-DSS and information security solutions within the Payment Card Industry. Our technologies are designed to simplify security and PCI Compliance. Specialties: Cardholder Data Discovery - defining and reducing PCI DSS Scope / PA-DSS / PCI DSS / P2PE / Account Data Compromise Investigations. We are specialists in the Payment Card Industry and work with all types of companies in the payment chain (Acquiring banks, Processors, hosting providers, web designers, merchants, systems integrators etc).

See All Articles
SUBSCRIBE

Subscribe to our blog

Security never stops. Get the most up-to-date information by subscribing to the Foregenix blog.