OpenCart Magento Malware Infections

Last week was quite a busy one for our team. We tackled a number of website hack cases: malware infections, websites blacklisted by Google, and even sites defaced by hackers. Statistically, the majority of these cases were from OpenCart, followed by Magento. The top three OpenCart & Magento malware infections/attack vectors found were:

  1. The Usual Base64 Encoded: This is the most common type of OpenCart & Magento malware infection. In this type of infection, hackers encode the malware code multiple times so that the store owner cannot read it. Further, to deceive the store owner/IT team, the file containing the malware is given a name such as payments.php, shipping.php or something else that the website owner would take for a legitimate part of the OpenCart/Magento file system. This type of malware usually changes the payment gateway keys to redirect customers' payments to payment systems owned by the hackers.
    An Example of Base64 Encoded Malware
  2. The Database Infection: Automated hacking scripts often look for vulnerabilities that allow them to infect a website's database. If such a loophole is found, malicious scripts are injected into the database. Usually, the purpose of this type of malware is to put links to websites run by hackers into the product/category descriptions of an e-commerce store. This technique is used to perform SEO spam and adware injection. Something similar was seen in WordPress this year, where a lot of WordPress websites were subjected to SEO spam due to a critical vulnerability.
    Malicious Javascript Being Injected in Database in the ‘Product Description’ column of the website
  3. The Deadly Backdoor: This is one of the most critical OpenCart & Magento malware infections. We encountered multiple cases of this one last week. This malware is a backdoor which automatically adds an admin user to the system, with both the username and the password set to ‘root’ (or anything else the hacker has specified).
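For the first infection type in the list above, the following added example (not code from this post or from Astra) peels nested base64 layers out of PHP source and reports the innermost text for review. The regexes, the `MAX_LAYERS` limit and the file names are assumptions, and the sample input is constructed and harmless.

```python
import base64
import re

# Heuristics: PHP calls that commonly wrap a payload, and a quoted base64 run of 24+ chars.
WRAPPER_RE = re.compile(r"\b(eval|assert|base64_decode|gzinflate|str_rot13)\s*\(", re.I)
BLOB_RE = re.compile(r"""["']([A-Za-z0-9+/]{24,}={0,2})["']""")
MAX_LAYERS = 10  # give up after this many nested encodings

def try_b64(text):
    """Decode text as strict base64; return None unless the result is readable text."""
    try:
        decoded = base64.b64decode(text, validate=True).decode("utf-8")
    except ValueError:  # covers binascii.Error and UnicodeDecodeError
        return None
    return decoded if all(c.isprintable() or c.isspace() for c in decoded) else None

def peel(source):
    """Follow nested base64 layers (quoted blobs, or a bare blob inside a decoded
    layer) and return (layer_count, innermost_text)."""
    layers, current = 0, source
    while layers < MAX_LAYERS:
        candidates = BLOB_RE.findall(current) or ([current.strip()] if layers else [])
        decoded = next((d for d in map(try_b64, candidates) if d), None)
        if decoded is None:
            break
        layers, current = layers + 1, decoded
    return layers, current

def scan(files):
    """Flag files whose source hides text behind base64 and calls a wrapper function."""
    findings = []
    for path, source in files.items():
        layers, inner = peel(source)
        wrappers = sorted({w.lower() for w in WRAPPER_RE.findall(source)})
        if layers and wrappers:
            findings.append({"path": path, "layers": layers, "wrappers": wrappers, "inner": inner[:80]})
    return findings

def _wrap(php, times):  # builds a constructed, harmless nested sample
    for _ in range(times):
        php = "eval(base64_decode('%s'));" % base64.b64encode(php.encode()).decode()
    return "<?php " + php

SAMPLE_FILES = {  # constructed inputs; file names are hypothetical
    "payments.php": _wrap("echo 'constructed sample payload';", 3),
    "flat.php": "<?php class ModelShippingFlat { public $code = 'flat'; }",
}

if __name__ == "__main__":
    print(scan(SAMPLE_FILES))
```

Because the disguised files carry plausible names, the check keys on content rather than file name; a hit is a lead for manual review against a clean copy of the platform's files, not a verdict.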

Last week, a customer whose store was infected by malware decided to use our malware cleanup services. To limit the website's exposure to malware, we deployed Astra before starting the malware cleanup process. While the cleanup was still in progress, Astra detected the following login from Russia:
[Screenshot: Astra Security login activity]

This meant that someone had logged into the system from Russia, using ‘root’ as both the username and the password, while our client was from Europe, not Russia. Our team was quick to find the cause: a script was running periodically and adding an additional admin user to the website. After this user was added, a hacker was logging into the website and changing the payment information.

OpenCart & Magento malware infections seem to be on the rise. Hackers often target small and medium-sized businesses because of the limited or non-existent security solutions these types of businesses use. It is good practice to use a security solution for your website and not wait to get hacked. You can always give Astra a spin.

About The Author

Shikhil plays on the line between security and marketing. When not thinking about how to make Astra super simple, Shikhil can be found enjoying alternative rock or a game of football.

4 Comments

  1. Security is the priority. It’s good to keep your Magento store version updated and immediately install security patches after their release. In this case, your store will be free and safe from Malware and future hits.

  2. Magento SUPEE-10266 and New Versions: Update Immediately - Astra Web Security Blog

    […] one of the most favored e-commerce platforms, is often a target for cyber-criminals. Its huge popularity owes to its strict security practices, a timely update of […]

  3. OpenCart & Magento Malware Redirecting to Malicious Advertising Websites - Steps to Find & Fix - Astra Web Security Blog

    […] An OpenCart & Magento malware redirecting both desktop and mobile websites to malicious links has been doing rounds. Since last week we have encountered several cases of this malware. There are no specific versions which are being targeted as we have seen this infection in wide range of versions in both Magento & OpenCart. […]

  4. Detailed Guide on Website Malware Attacks: Causes, Consequences & Steps to Fix - Astra Web Security Blog

    […] More about all these infections and how to fix them can be found at our detailed guide here […]
