Magento sent an email to every partners to prevent about a new malware issue.
This malware is inside a script and contains words like “onepage” or “checkout”.

Hackers use admin acess or database access to implement this code.
Magento doesn’t how they do that, but it might be because :
– Admin password is too weak
– Website doesn’t have all security patches
– Admin users were created before patch installation and were not deleted

You can check inside the Magento BO :

Admin->Configuration->General->Design->HTML Head->Miscellaneous Scripts
Admin->Configuration->General->Design->Footer-> Miscellaneous HTML

Or launch this SQL :

FROM  `core_config_data` 
WHERE path LIKE  'design/head/includes'
OR path LIKE  'design/footer/absolute_footer'

This first request will display your configuration were the code can resides.
You can add a filter on the words “onepage” and “checkout” :

FROM `core_config_data`
WHERE (path LIKE 'design/head/includes'
OR path LIKE 'design/footer/absolute_footer')
AND (value LIKE '%onepage%' OR value LIKE 'checkout')

Don’t forget to check the magento admin users, and delete the accounts which like weird for you.

Magento has got a page with security best practices, you can read this article :

New Magento Malware : Credit Card Hijack
Tagged on:     

Leave a Reply

Your email address will not be published. Required fields are marked *

We use cookies to ensure that we give you the best experience on our website.