Magento Security

Web Skimmer with a Domain Name Generator

Web Skimmer with a Domain Name Generator

| | Black Hat Tactics, Hacked Websites, Magento Security, Obfuscation, Website Malware Infections, Website Security
Our security analyst Moe Obaid recently found yet another variation of a web skimmer script injected into a Magento database. The malicious script loads the credit card stealing code from qr201346[.]pw and ...
Sucuri Blog
Hacked Website Threat Report – 2019

Hacked Website Threat Report – 2019

| | Black Hat Tactics, brute force, Conditional Malware, cryptominers, ddos, Drupal Security, Ecommerce Security, encryption, Hacked Websites, Joomla Security, Magento Security, Malware Cleanup, Obfuscation, Phishing, Security Education, SEO spam, sucuri, Sucuri Firewall, Website Backdoor, Website Malware Infections, Website Security, WordPress Plugins and Themes, wordpress security, XSS, zero-day
The threat landscape for website owners is constantly shifting on a regular basis — and it’s becoming increasingly more complex. As attackers continue to develop tools and find new vulnerabilities to massively ...
Sucuri Blog

Top 10 Sucuri Research Articles in 2019

| | Black Hat Tactics, ddos, Hacked Websites, Magento Security, Redirects, Security Education, Website Malware Infections, Website Security, wordpress security
As we settle into 2020, it’s a good time to look back at what was learned in the previous year. After all, the past provides valuable lessons for the future. With that ...
Sucuri Blog
Black Friday/Cyber Monday Ecommerce Security Threats

Black Friday/Cyber Monday Ecommerce Security Threats

| | Black Hat Tactics, Ecommerce Security, Hacked Websites, Magento Security, Obfuscation, Phishing, Security Education, Website Malware Infections, Website Security
With the end of November comes the height of the holiday shopping season — specifically Black Friday and Cyber Monday sales, which typically span the last calendar days of November into the ...
Sucuri Blog
Vulnerable Versions of Adminer as a Universal Infection Vector

Vulnerable Versions of Adminer as a Universal Infection Vector

| | Black Hat Tactics, Hacked Websites, Magento Security, Malware Cleanup, Redirects, Webserver Infections, Website Backdoor, Website Malware Infections, Website Security, WordPress Plugins and Themes, wordpress security
This past week, we’ve been monitoring a new wave of website infections mostly impacting WordPress and Magento websites. We found that hackers have been injecting scripts from scripts.trasnaltemyrecords[.]com into multiple files and ...
Sucuri Blog
Skimmers for Both Magento and WordPress

Skimmers for Both Magento and WordPress

| | Black Hat Tactics, Ecommerce Security, Hacked Websites, Magento Security, wordpress security
We often write about malware that steal payment information from sites built with Magento and other types of e-commerce CMS. When discussing credit card skimmers like Magecart, it’s sometimes overlooked that WordPress ...
Sucuri Blog
Why It's Important to Update Your Website

Magento 1 End of Life

| | Magento Security, Security Education, Sucuri Firewall
It’s no secret that a CMS without support will develop vulnerabilities. Eventually, these lead to a compromised website — which cripples any ecommerce business. When you consider the popularity of the Magento ...
Sucuri Blog
Magento Skimmers: From Atob to Alibaba

Magento Skimmers: From Atob to Alibaba

| | Black Hat Tactics, google, Hacked Websites, Magento Security, Obfuscation, Website Security
Last year we saw a fairly massive Magento malware campaign that injected credit card stealing code similar to this: It uses the JavaScript atob function to decode base64-encoded domain names and URL ...
Sucuri Blog
Autoloaded Server-Side Swiper

Autoloaded Server-Side Swiper

| | Black Hat Tactics, Hacked Websites, Magento Security, Server Security, Webserver Infections, Website Security
Front-end JavaScript-based credit card stealing malware has garnered a lot of attention within the security community. This makes sense, since the “swipers” can be easily detected by simply scanning the web pages ...
Sucuri Blog
Fake Google Domains Used in Evasive Magento Skimmer

Fake Google Domains Used in Evasive Magento Skimmer

| | Black Hat Tactics, Ecommerce Security, google, Hacked Websites, Magento Security, Website Security
We were recently contacted by a Magento website owner who had been blacklisted and was experiencing McAfee SiteAdvisor “Dangerous Site” warnings. Our investigation revealed that the site had been infected with a ...
Sucuri Blog
Load more