Magento Shops malware risk identified

No primary category set

According to security and Magento blogger Willem de Groot, a Magento shops plug-in was vulnerable to malware attacks that harvested payment details.

The Mirasvit Helpdesk MX plugin could be infected with malware. But the error was resolved in September, so unless you’re running an old version of the plug-in, you should be fine.

De Groot described the problem in full on his blog here and said: “When a helpdesk agent opens the ticket, it will run the code in the background, in the browser of the agent. Then, malware is added to the footer of the Magento template, so that it is run by all store visitors. Ultimately, the malware intercepts payments data and send it offshore as the customer types it into the payment form.

This attack is particularly sophisticated, as it is able to bypass many security measures that a merchant might have taken. For example, IP restriction on the backend, strong passwords, 2-Factor-Authentication and using a VPN tunnel will not block this attack.”

It’s impossible to know how widespread this particular malware problem was for Magento shops users although it’s good to report it has been resolved. However, if you’re using a version of the plug in older than 1.5.3 you are best advised to update immediately. You can read a security advisory from Mirasvit here.

If you have any more insights, or experienced this hack, we’d be interested to hear from you.

RELATED POSTS..

Sports and athleisure brands smash it on TikTok Shop

Sports and athleisure brands smash it on TikTok Shop – Puma up 182%

Stuart Hill Ex Matches COO on transitioning to logistics at DHL

Stuart Hill Ex Matches COO on transitioning to logistics at DHL

Prepare to leverage learnings on Prime Day

Prepare to leverage learnings on Prime Day

TikTok Live and in-person auction with Luxe Collective

TikTok Live and in-person auction with Luxe Collective

Spicerack sex toy marketplace offers refuge to Etsy sellers

Spicerack sex toy marketplace offers refuge to Etsy sellers

ChannelX Guide...

Featured in this article from the ChannelX Guide – companies that can help you grow and manage your business.

Latest

Take a look through a selection of the latest articles on ChannelX

Register for Newsletter

Receive 5 newsletters per week

Gain access to all research

Be notified of upcoming events and webinars