Shell Logins as a Magento Reinfection Vector

less than 1 minute read

Shell Logins as a Magento Reinfection Vector<p>Recently, we have come across a number of websites that were facing reinfection of a credit card information stealer malware within the following files:</p>

  • app/Mage.php;
  • lib/Varien/Autoload.php;
  • index.php;
  • app/code/core/Mage/Core/functions.php;

These are common files for attackers to target as they operate throughout Magento sites, but these instances were special as they had a very peculiar reinfection rate.

Malicious Scripts Loaded Through .bashrc

Upon closer inspection, we came across this snippet in the site owner’s .bashrc file.

Continue reading Shell Logins as a Magento Reinfection Vector at Sucuri Blog.

</img>

You may also enjoy

Spotlight on Women in Cybersecurity

less than 1 minute read

Sucuri is committed to helping women develop their careers in technology. On International Women’s Day, Sucuri team members share their insights into workin...

Hacked Website Trend Report – 2018

less than 1 minute read

We are proud to be releasing our latest Hacked Website Trend Report for 2018. This report is based on data collected and analyzed by the GoDaddy Security / ...

Facebook
Google plus
Pinterest
RSS
Spotlight on Women in Cybersecurity
How to Add SSL & Move WordPress from HTTP to HTTPS
Hacked Website Trend Report – 2018
Fake Browser Updates Push Ransomware and Bank Malware
Google Analytics and Angular in Magento Credit Card Stealing Scripts