Kworld Trend / Fake patch threatens magento e-commerce sites Security is one of the most important factors of an ecommerce store. A report states that online stores are at risk of losing more than $20 billion in 2021. An increase in digital fraud poses a threat to online stores.
Cybercriminals are exploiting an old vulnerability in e-commerce platform Magento to breach online stores and steal sensitive information, using a piece of malware disguised as a patch designed to address the flaw.
Fake patch threatens magento e-commerce sites
In February 2015, Magento developers released patch SUPEE-5344 to fix a critical remote code execution vulnerability dubbed the ” store hijacking bug “. The security hole consists of a series of vulnerabilities, including authentication bypass, SQL injection, and remote file inclusion flaws.
More than two months after the patch was released, Dutch hosting company Byte reported that tens of thousands of Magento installations remain at risk. Moreover, The string of attacks recently spotted by Sucuri researchers indicates that there are still many unpatched stores.
The security firm has discovered compromised Magento websites that host a piece of malware pretending to be the applied SUPEE-5344 patch. Moreover, the threat is designed to give malicious actors complete control over a vulnerable Magento site by exploiting a “shoplifting bug”.
According to Sucuri, the malware is more sophisticated compared to other threats that target Magento installations. The code injected into the target site allows attackers to steal payment data and user credentials. However, the stolen information is encrypted, stored in a file disguised as a JPEG image, and sent to pre-selected email addresses.
Targeted details include credit card data, usernames and passwords, IP addresses, and server names. Credentials stored in the databases of Magento-powered sites can be used by cyber fraudsters to gain access to other online accounts because many individuals put the same password on multiple services, Sucuri said. Fake patch threatens magento e-commerce sites
Continued
In addition to stealing valuable information, the threat also includes a series of backdoor functions that allow cybercriminals to execute arbitrary code on the server, change the permissions of Magento files, and delete the file that stores the stolen data after it is no longer needed.
“As we can see, the Magento malware ecosystem is maturing and attracting more hackers, and they are bringing their arsenal of tried-and-true tricks and methods from WordPress and Joomla! However, the growing market share of commerce sites is growing,” explained Denis Synigubko, Senior Malware Researcher at Sucuri. Magento’s cyber (#1 CMS in e-commerce and #4 CMS overall) and access to financial flows make attacks even with low success rates worthwhile.”
Last month, Magento developers released a security update that resolved more than 20 vulnerabilities, including those designated Critical that could be exploited to take over e-commerce websites.
What are Magento security patches?
Developers fix security bugs by giving software updates . Magento security patch is a software release. It provides the latest updates to Magento to fix security issues .
The patch file helps fix major bugs. It adds new functionality to the old version of the program. Patches include security updates for the site.
There are two types of security patches in Magento :
- Official patches : These patches are in Magento Security Center.
- Custom patches : These patches are created and distributed by developers on Github.
The availability of the patch is announced with a pop-up message to the Magento administrator . It is also announced via email to all customers and partners.
Note: Beware of fake Magento patch
Beware of fake patches on the Internet. Hackers disguise the malware as a Magento patch . They release fake patches that contain malware code. This code pretends to be a security patch applied .
We strongly recommend that you download patches only from the official Magento website. However, you can find it in Magento Security Center . You can see patches for specific versions of Magento on the Magento Downloads page.
What are SUPEE spots?
Magento uses JIRA for bug tracking. Patches called SUPEE Patches have been released to provide support tickets .
For example, SUPEE-11346 .
Includes a self-installation script. The script contains code to update existing Magento code files .
Why are Magento security patches important? | Fake patch threatens magento ecommerce websites
Any security vulnerability has the potential to bring greater risks. Hackers look for security holes to exploit.
After the vulnerabilities are identified, the developer releases security patches. Magento offers different versions of security patches to reduce security vulnerabilities. However, the purpose of a security patch is to fix potential issues. As well as prevent other damages.
Users update the security patch to correct the vulnerability. This procedure will help you avoid big problems like data loss. Security patches protect your website from potential threats. It protects your Magento page from security breaches.
Why are the latest patches applied as soon as they are released?
Many Magento store owners avoid updates. They fear that it may change the custom features. Hackers are waiting for Magento security releases. From the patch, they identify current security problems. They scan the web for unpatched Magento sites.
Delay in applying patches leads to risks. You should add the Magento patch as soon as it is released. This will help you save your website from being hacked.
Reverse engineering of a Magento defect
To prove the seriousness of the threat, the researchers said they were able to reverse engineer the official patch and create a working proof of concept of how it could be used by attackers. The vulnerability threatens e-commerce sites that use both the commercial version of Magento and the open source version and could go back to some early versions of the product.
Moreover, to date, no attacks have been reported in the wild. However, the researchers said that cybercriminals can use the Magento bug to inject SQL commands to steal administrator rights, usernames, passwords, and other sensitive information. Even worse, such attacks can be automated to target a larger group of vulnerable e-commerce sites at once—a serious concern given that Magento has an estimated 300,000 customers.
Conclusion
Patches protect your website from security threats. Maintains data integrity. We highly recommend keeping your website up to date. However, Keep it fully patched at all times. Install security patches as soon as they are available. You must install and test the patch in a development environment. It is necessary to patch test before going live.
