The Top 3 Most Common OpenCart & Magento Malware Infections

Updated on: March 29, 2020

2 mins read

The Top 3 Most Common OpenCart & Magento Malware Infections

Last week was quite a busy one for our team. We tackled a number of website hack cases. A number of instances were of malware infections, websites getting blacklisted by Google and even getting defaced by hackers. Statistically, majority of these cases were from OpenCart followed by Magento. The top three OpenCart & Magento malware infections/attack vectors found were:

The Usual Base64 Encoded: This is the most common type of OpenCart & Magento malware infections. In this type of infection, hackers encode the malware code multiple times so that it is not understandable by the store owner. Further, to deceive the store owner/IT team the file containing malware is given names such as payments.php, shipping.php or something that the website owner thinks to be a legit file which is a part of the OpenCart/Magento file system. This type of malware usually changes the payment gateway keys trying to re-direct payments from customers to their(hacker) owned payment systems.

OpenCart & Magento Malware Infections : Astra Security — An Example of Base64 Encoded Malware

The Database Infection: Often automated hacking scripts look for vulnerabilities in websites which allow them to infect database of the website. If such a loophole is found, malicious scripts are injected into the website database. Usually, the purpose of this type of malware is to put links of websites run by hackers into the product description/category description of an e-commerce store. This technique is used to perform SEO spam and adware injection. Something similar was seen in WordPress this year where a lot of WordPress websites were a subject to an SEO spam due to a critical vulnerability.

Opencart & Magento Database Infection Protection by Astra Security — Malicious Javascript Being Injected in Database in the ‘Product Description’ column of the website

The Deadly Backdoor: This is one of the most critical OpenCart & Magento Malware Infection. We encountered multiple cases of this one last week. This malware is a backdoor which automatically adds an admin user to the system with username & password being ‘root’ (or anything else which hacker has specified).

Astra Security for Magento & Malware - Login Activity

Last week, a customer who’s store was infected by malware decided to use our malware cleanup services. In order to limit the exposure of website to malware, we deployed Astra before starting the malware cleanup process. While the cleanup was still on, Astra detected the following login from Russia:

This meant that someone logged into the system from Russia, using the username & password as ‘root’. While, our client was from Europe not Russia. Our team was quick to find the cause of this. There was a script which was running periodically and adding an additional admin user to the website. After this user was added, a hacker was logging into the website and changing the payment information.

OpenCart & Magento Malware Infections seem to be on a rise. Hackers often target small and medium sized business because of the limited/no security solutions these type of businesses use. It is a good practice to use a security solution for your website and not wait to get hacked. You can always give Astra a spin here.

Tags: Japanese SEO Spam, Magento, malware, OpenCart, spam prevention

Shikhil Sharma

Shikhil Sharma is the founder & CEO of Astra Security. Being involved with cybersecurity for over six years now, his vision is to make cyber security a 5-minute affair. Shikhil plays on the line between security and marketing. When not thinking about how to make Astra super simple, Shikhil can be found enjoying alternative rock or a game of football. Astra Security has been rewarded at Global Conference on Cyber Security by PM of India Mr. Narendra Modi. French President Mr. François Hollande also rewarded Astra under the La French Tech program. Astra Security is also a NASSCOM Emerge 50 company.

This site uses Akismet to reduce spam. Learn how your comment data is processed.

5 Comments

Oldest

Newest Most Voted

Inline Feedbacks

View all comments

Fayyaz Khattak

6 years ago

Security is the priority. It’s good to keep your Magento store version updated and immediately install security patches after their release. In this case, your store will be free and safe from Malware and future hits.

Magento SUPEE-10266 and New Versions: Update Immediately - Astra Web Security Blog

6 years ago

[…] one of the most favored e-commerce platforms, is often a target for cyber-criminals. Its huge popularity owes to its strict security practices, a timely update of […]

OpenCart & Magento Malware Redirecting to Malicious Advertising Websites - Steps to Find & Fix - Astra Web Security Blog

6 years ago

[…] An OpenCart & Magento malware redirecting both desktop and mobile websites to malicious links has been doing rounds. Since last week we have encountered several cases of this malware. There are no specific versions which are being targeted as we have seen this infection in wide range of versions in both Magento & OpenCart. […]

Detailed Guide on Website Malware Attacks: Causes, Consequences & Steps to Fix - Astra Web Security Blog

6 years ago

[…] More about all these infections and how to fix them can be found at our detailed guide here […]

The Top 3 Most Common OpenCart & Magento Malware Infections

Psst! Hi there. We’re Astra.

Pentest

Company

Resources

Services

The Top 3 Most Common OpenCart & Magento Malware Infections

Related Articles

Psst! Hi there. We’re Astra.

Pentest

Company

Resources

Services

Search Astra’s blog for: