- Apr 21, 2016
- 4,374
Security experts have discovered a new malware strain targeting online shops running on Magento, one of the most popular e-commerce platforms. What sets this malware apart is the fact that it can self-heal by using code hidden in the website's database.
According to researchers, this isn't the first web malware that hides code in the website's database, but it is the first written in SQL, as a stored procedure.
So, how does this work? Well, whenever a user places a new order, the malware starts execution. Then, the malicious database trigger executes before the Magento platform even puts together the PHP and assembles the page, reads a blog post signed by Willem de Groot, the researcher who analyzed the malware discovered by Jaroen Boersma.
The query, he says, checks for the existence of the malware in the header, footer, copyright and every CMS block. If it doesn't find anything, it re-adds i... (read more)
Continue reading...
According to researchers, this isn't the first web malware that hides code in the website's database, but it is the first written in SQL, as a stored procedure.
So, how does this work? Well, whenever a user places a new order, the malware starts execution. Then, the malicious database trigger executes before the Magento platform even puts together the PHP and assembles the page, reads a blog post signed by Willem de Groot, the researcher who analyzed the malware discovered by Jaroen Boersma.
The query, he says, checks for the existence of the malware in the header, footer, copyright and every CMS block. If it doesn't find anything, it re-adds i... (read more)
Continue reading...
