Security experts warn of a new threat to Magento owners that roots deeper into the platform to extract card and payment data
Following the threat to Magento platform owners in October 2014, an evolved and more sophisticated malware – Malware Phantom – has been discovered by security experts Foregenix that puts online businesses at risk from a new wave of attacks from cyber hackers.
The new Magento Phantom malware roots itself deeper into impacted sites and makes system modifications in order to harvest payment card details, as well as other confidential data belonging to both customers and the website. Foregenix is urging potentially affected businesses to contact them immediately to check for the threat.
The compromise does not highlight weaknesses or vulnerabilities in the Magento solution itself, but relates to Magento users unintentionally installing compromised or fake extensions to the Magento framework, which can then leave businesses open to attack.
The invasive malware is deployed through the use of a malicious file containing compromised or fake Magento extensions. The file is then used by hackers to make unauthorised modifications to the core Magento framework, resulting in stolen data.
This new evolution to the malware also includes functionality to automatically alert hackers when new harvest files are created, allowing them to steal even more payment card data from the compromised site.
With the compromise covered in a previous Magento alert issued by Foregenix, it was possible to scan websites to detect the compromise externally; this new evolution is only detectable when scanning the internal file structure of the website. Potential victims need to visit www.foregenix.com and download Vngo – an online cyber security monitoring tool that has been enhanced to detect the Magento Phantom malware.
Vngo, previously known as WebShield, offers 24/7 online security monitoring for websites, alerting website owners to potential threats and offering unlimited support and guidance from the UK’s leading data security and forensics team to remove malware and viruses from client websites.
Speaking about the latest compromise, Director and technical forensic expert at Foregenix, Andrew Bontoft, said: “As one of the most popular ecommerce platforms, Magento is an obvious target for hackers and businesses should maintain extra vigilance when selecting and installing modules and plugins to their site. The way in which hackers has evolved, so businesses need to make sure that they are deploying code from legitimate and trusted sources.”