Massive Infection of Magento Websites
The Neutrino exploit kit that infects Magento-powered ecommerce sites with an info stealer — the Andromeda/Gamarue malware.
Because Magento is the most popular e-commerce software, it is very often attacked by cybercriminals. The latest worrying episode: several days ago security specialists from Sucuri and Malwarebytes discovered a new pattern of redirections to the Neutrino Exploit kit that infects Magento-powered ecommerce sites with an infostealer — the Andromeda/Gamarue malware. More than seven thousand affected sites are blacklisted by Google, and their number increases each day.
It’s still not clear how all those sites were infected. Security researchers from Sucury have two suspects: some vulnerability in Magento and one of the third-party modules.
The bad news is that this vulnerability allows to access your database and attackers are able to create unathorized admin users. Your site and sensitive customer information may be under control of criminals! We strongly recommend to check on malicious admin users in the backend of your site. Also, it’s advisable to update core files and extensions to more stable versions.
If you are conсerned that your website has been attacked or have any questions, please feel free to contact us.
Sources: “New Neutrino EK Campaign Drops Andromeda” by Malwarebytes, “Massive Magento Guruincsite Infection” by Sucuri
Hunting for Magento development support?
We’ll be in touch soon if you leave your contact information