SafeUM

Axarhöfði 14, 110 Reykjavik, Iceland

Iceland - 2015
22 Oct 2015

Thousands of e-commerce Magento websites struck with Guruincsite malware

Websites running the Magento CMS are being infected with malware in a fresh campaign which has impacted thousands of domains in a matter of days.

Over the weekend, researchers from Sucuri Labs said the attack involves the injection of malicious scripts through iframes from guruincsite.com.

There are two modified versions of the infection, and while one is obfuscated, the other is not -- giving security teams a virtual beacon to track the malicious domain involved in this latest attack on content management systems. According to the team, Google has already blacklisted almost 8,000 infected websites over the past 90 days. Webmasters in Google forums who have been affected by the campaign say malicious code has been found in design aspects of their Magento CMS systems, particularly within the Footer - Miscellaneous Scripts areas of their sites. Removing these scripts and then resubmitting clean websites back to Google for review should remove the blacklisting.

The Magento content management system, tailored for e-commerce, is used by over 200,000 companies worldwide. Sucuri is investigating the spread of Guruincsite and suspects "it was some vulnerability in Magento or one of the third-party extensions that allowed it to infect thousands of sites within a short time." However, the actual attack vector is yet to be discovered, which potentially places hundreds of thousands of online retail websites -- and any financial data stored within -- at risk.

Researchers from Malwarebytes say guruincsite is also linked to the infrastructure of a campaign using the Neutrino Exploit Kit. The "neitrino" cyberattack campaign uses the same attack on the server side that Sucuri noticed, but instead compromises domains client side via web exploits. Websites compromised through a Flash exploit are harvested for financial data and also become slaves to a botnet system.

Sucuri recommends that webmasters make sure their systems are up to date and consider using website firewalls to better protect online domains. A number of webmasters with infected sites have noticed unidentified admin users appearing in their systems, and immediate removal is the best way to go.

A Magento spokesperson said: "We are actively investigating reports of Magento sites being targeted by Guruincsite malware (Neutrino exploit kit) and are working with our developers in coordination with Magento hosting partners and community members. We have NOT identified a new attack vector at this time but rather have found that all sites that we have checked show as vulnerable to a previously identified code execution issue for which we released a patch in early 2015. With the exception of one identified Magento Enterprise Edition merchant, we have not found any other enterprise clients that have been affected. Magento Security & Support Teams are actively working with the one Magento Enterprise Edition merchant impacted by this issue."
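For webmasters checking the footer and header script areas described above, here is an added audit sketch (not code from Sucuri, Magento or the original article). It assumes the design settings have been exported from the Magento 1 `core_config_data` table as (path, value) pairs, that the script areas live under paths such as `design/footer/absolute_footer` and `design/head/includes`, and that the allowlisted hosts are hypothetical stand-ins for the shop's own.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

KNOWN_BAD = {"guruincsite.com"}  # domain named in the article
ALLOWED = {"shop.example", "www.google-analytics.com"}  # assumption: hosts this shop expects

class SrcCollector(HTMLParser):
    def __init__(self):
        super().__init__()
        self.found = []  # (tag, src) pairs; src is None for inline scripts

    def handle_starttag(self, tag, attrs):
        if tag in ("iframe", "script"):  # HTMLParser lowercases tag and attribute names
            self.found.append((tag, dict(attrs).get("src")))

def host_of(src):
    src = src.strip()
    # Protocol-relative URLs ("//host/path") need a scheme before parsing
    return (urlparse("http:" + src if src.startswith("//") else src).hostname or "").lower()

def in_domains(host, domains):
    # Match the domain itself or any subdomain, but not look-alike suffixes
    return any(host == d or host.endswith("." + d) for d in domains)

def audit(rows):
    """rows: (config_path, value) pairs; returns (path, tag, host, verdict) findings."""
    findings = []
    for path, value in rows:
        parser = SrcCollector()
        parser.feed(value or "")
        parser.close()
        for tag, src in parser.found:
            if not src:
                if tag == "script":  # inline code may be the obfuscated variant
                    findings.append((path, tag, "", "inline-review"))
                continue
            host = host_of(src)
            if not host:
                continue  # relative URL, served by the shop itself
            if in_domains(host, KNOWN_BAD):
                findings.append((path, tag, host, "known-bad"))
            elif not in_domains(host, ALLOWED):
                findings.append((path, tag, host, "unexpected-host"))
    return findings

SAMPLE_ROWS = [  # constructed sample rows, not taken from a real infected site
    ("design/footer/absolute_footer", '<p>Shop</p><IFRAME SRC="//GuruIncSite.com/constructed" width=1></iframe>'),
    ("design/head/includes", '<script src="https://www.google-analytics.com/analytics.js"></script>'),
    ("design/footer/absolute_footer", '<script>var constructed = 1;</script>'),
]
```

Calling `audit(SAMPLE_ROWS)` returns the iframe as `known-bad` and the inline script as `inline-review`; inline scripts are only flagged for manual inspection, not decoded.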

Tags:
Magento information leaks
Source:
ZDNet