Malware Targets Popular eCommerce Platform Magento

According to a number of security researchers, an increasing number of websites running the e-commerce platform Magento have been compromised and are being used to spread the Neutrino Exploit Kit. Th...
Blog rating:1.5 out of5 with2 ratings

Malware Targets Popular eCommerce Platform Magento

by NewsEditor_ on October 20th, 2015 in Industry and Security News.

According to a number of security researchers, an increasing number of websites running the e-commerce platform Magento have been compromised and are being used to spread the Neutrino Exploit Kit. The Neutrino Exploit Kit is a malicious program which detects and exploits vulnerabilities in the software installed on users’ machines. According to the Malwarebytes blog, this version of the exploit is seeking users with vulnerabilities contained within Adobe Flash and infecting them with the Andromeda/Gamarue malware. This form of malware is typically used to surreptitiously compromise user machines and enlist them as part of a botnet, a group of computers controlled by a third party and coordinated to collectively perform malicious tasks, such as sending out spam emails or performing a denial-of-service attack. This malware can also be adapted to steal user credentials such as account access or financial information. 

According to Magento's website, over 240,000 online merchants use their e-commerce software. Popular brands have utilized the platform for online merchant services, including Nike, North Face, and Nordstrom. Online security company Sucuri reported the infection on their blog, stating that “At this point, we can suspect that it was some vulnerability in Magento or one of the third-party extensions that allowed it to infect thousands of sites within a short time.” Google has responded to the attack by blocking over 8000 domains suspected of having been compromised. 

As the malware is spreading at a significant pace, the story will probably yield additional information in the coming weeks.  Sucuri advises system administrators to “Make sure to update everything: core files and extensions. Since the vulnerability provides access to your database, hackers could use it to create malicious admin users; so it is a good idea to review your site users.” Users at home can stay protected by installing antivirus software and ensuring that it is updated, keeping their web browser up-to-date and updating or disabling Adobe Flash. 


Average: 1.5 (2 votes)

Facebook Comments Box


Lavasoft is the maker of Ad-Aware, the world's most popular anti-malware software with over 450 million downloads.
© 2024 Lavasoft. All rights reserved.
Terms Of Use |   Privacy Policy


x

Our best antivirus yet!

Fresh new look. Faster scanning. Better protection.

Enjoy unique new features, lightning fast scans and a simple yet beautiful new look in our best antivirus yet!

For a quicker, lighter and more secure experience, download the all new adaware antivirus 12 now!

Download adaware antivirus 12
No thanks, continue to lavasoft.com
close x

Discover the new adaware antivirus 12

Our best antivirus yet

Download Now