PrestaShop Issues a Warning Against “XsamXadoo” Malware
PrestaShop has released an advisory warning store owners about malware named XsamXadoo.
Hackers are, allegedly, using this malware to gain access to PrestaShop stores. Several PrestaShop store owners have already been compromised by this malware.
From what we know, this malware exploits known vulnerabilities in the PHP tool PHPUnit, which is present in several PrestaShop modules.
You will find more details of the vulnerability as you read on. Moreover, we will also discuss the steps to take to check the vulnerability in your stores.
If you are hacked, get immediate malware cleanup with Astra right now.
Dissection of the PrestaShop vulnerability
The vulnerability in the PHP tool PHPUnit is identified as CVE-2017-9841. According to reports of the vulnerability, it affects the file “Util/PHP/eval-stdin.php” in the PHPUnit folder.
People on PHPUnit versions prior to 4.8.28 as well as those using versions 5.x prior to 5.6.3 are mostly at risk.
This vulnerability lets an attacker execute arbitrary PHP code on your website. Further, the ‘/vendor’ folder, which houses the vulnerable file, has become ground zero of the attack.
How to check if you are vulnerable?
Checking your store for risk is easy. Just follow these simple steps:
- Access your site via an FTP client like Filezilla.
- Create a backup of your website.
- Navigate to the /vendor folder in your website’s root directory.
- Search for the PHPUnit folder.
Now two cases may arise:
Case 1: PHPUnit folder is there
You are at risk. Go ahead and delete the PHPUnit folder. Deleting the PHPUnit folder will not hinder the workings of your website. In fact, it will reduce your risk of getting infected with the XsamXadoo malware.
Now repeat this process from the start with all your modules. That is, search for, find and delete the PHPUnit folder in all your PrestaShop modules.
Case 2: PHPUnit folder is not there
Congratulations! You are safe 🙂
However, you can still go a little extra and secure your PrestaShop Store with proper security measures. This comprehensive PrestaShop Security Guide will prove to be extremely helpful in achieving this.
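The folder check described above (store root and every module) can also be run in one pass from a shell on the server or against a downloaded backup. This is an added example, not part of the PrestaShop advisory or the original article; it assumes shell access, the function names are hypothetical, and it only reports what it finds without deleting anything.

```shell
#!/usr/bin/env bash
# Added example: read-only audit for PHPUnit copies in a PrestaShop tree.
# Function names are illustrative; nothing is deleted.

# Every "phpunit" folder directly under a vendor/ folder, in the store
# root and inside each module. -prune reports each copy only once.
find_phpunit_dirs() {
    find "$1" -type d -ipath '*/vendor/phpunit' -prune -print 2>/dev/null | sort
}

# Every copy of the file named in CVE-2017-9841.
find_eval_stdin() {
    find "$1" -type f -ipath '*/Util/PHP/eval-stdin.php' -print 2>/dev/null | sort
}

# Returns 0 for "Case 2" (nothing found), 1 for "Case 1" (PHPUnit present).
audit_store() {
    local root="$1" dirs files
    dirs=$(find_phpunit_dirs "$root")
    files=$(find_eval_stdin "$root")
    if [ -z "$dirs" ] && [ -z "$files" ]; then
        echo "Case 2: no PHPUnit folder under $root"
        return 0
    fi
    echo "Case 1: PHPUnit present under $root"
    if [ -n "$dirs" ]; then
        printf '%s\n' "$dirs" | sed 's/^/  folder to delete: /'
    fi
    if [ -n "$files" ]; then
        printf '%s\n' "$files" | sed 's/^/  eval-stdin.php:   /'
    fi
    return 1
}

# Usage: ./audit.sh /path/to/prestashop
if [ "$#" -gt 0 ]; then
    audit_store "$1"
fi
```

A non-zero exit status means at least one PHPUnit copy remains, so the script can be re-run after cleanup to confirm every module is clear.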
How to check if you are hacked?
You found the PHPUnit folder in your store. You deleted it. But, how can you confirm that your store has not been compromised?
Well, look at your store for the following hacking symptoms:
- You are not able to access your website.
- New/unknown admins added to your website.
- Store redirecting to unsolicited pages.
- Your website becomes very slow & shows error messages.
- Malicious ads & pop-ups appear on your website.
- Payment manipulated.
- Customers complaining of credit card misuse.
Astra users need not look for these symptoms. Instead, scan your store with the Astra malware scanner.
I am hacked. What to do now?
The faster you act, the faster you are going to control the damage.
The most efficient and foolproof method is to take expert help. You need not get into a complex trial and error method of a self malware cleanup. You just need to:
- Sign up for immediate malware removal with Astra.
- Fill in your website’s credentials.
- Astra Security experts will clean the malware & backdoor in no more than 6-8 hours.
- Your website will be perfectly up & running.
If you have an above-average security acumen, you can also attempt to clean the malware on your own. This PrestaShop Malware Removal Guide shall help you with this.
Note: Unless you have superior knowledge of security, we strongly advise against going for this method. An inefficient malware cleanup can end up compromising your site even further.
To sum up – Act quickly
PrestaShop stores have come under the spell of a massive malware attack. Unless you take quick action, you might suffer with a hacked PrestaShop store.
For enhanced security, make sure you implement recommended security measures on your store.