SnapFast, a Magento-centric hosting provider, has posted an article describing a threat to Magento customer data that they recently uncovered while analyzing a Magento-powered store. According to their blog post, a hacker was able to inject code into the app/Mage.php file, and that code wrote customer payment information to a JPG file. Once created, this JPG could be retrieved and used by the hacker.
The code, of course, could be injected at several different locations in a Magento install to achieve the same effect. SnapFast lists several ways this intrusion could be achieved, but doesn’t disclose the exact method used in this particular case. The scariest possibility is that a hacker could have exploited a security hole in a third-party extension. Magento extensions, especially those that allow for the uploading of files, should be carefully vetted and reviewed.
We have found a service that has proven very successful, at least for those we know, in identifying hacked code in a Magento installation. Sucuri analyzes sites on an ongoing basis and will alert you if your site has been compromised. They also offer a “cleaning” service to remove any malicious code that is found. Scanning of one site is currently free. They have other related services, as well.
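A local check for the kind of file described above, as an added example that is not from SnapFast, Sucuri or Magento: it walks a directory tree and reports files named as images whose first bytes are not a real image header. It assumes the dumped data was written as plain text under a .jpg name, which the post does not confirm; the function names are hypothetical.

```python
import os
import sys

# Leading bytes of genuine image files, keyed by file extension.
MAGIC = {
    ".jpg": (b"\xff\xd8\xff",),
    ".jpeg": (b"\xff\xd8\xff",),
    ".png": (b"\x89PNG\r\n\x1a\n",),
    ".gif": (b"GIF87a", b"GIF89a"),
}

def is_fake_image(path):
    """True if the extension claims an image but the header says otherwise."""
    ext = os.path.splitext(path)[1].lower()
    if ext not in MAGIC:
        return False
    with open(path, "rb") as fh:
        head = fh.read(8)
    # An empty file has no header at all, so it is reported too.
    return not any(head.startswith(m) for m in MAGIC[ext])

def find_fake_images(root):
    """Walk root and return sorted paths of image-named files that are not images."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            try:
                if is_fake_image(path):
                    hits.append(path)
            except OSError:
                continue  # unreadable file: skip it, do not abort the scan
    return sorted(hits)

if __name__ == "__main__":
    # Usage: python scan_images.py /path/to/magento   (defaults to current dir)
    for hit in find_fake_images(sys.argv[1] if len(sys.argv) > 1 else "."):
        print("not a real image:", hit)
```

A file that begins with a valid header can still carry other data after it, so a clean result here does not rule out a compromise. Comparing app/Mage.php against a clean copy of the same Magento release covers the injection side.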