A new attack on Adobe Commerce may break the menu bar for admin users. If your menu bar is missing, someone is stealing your session via CVE-2025-47110.| Sansec
Multiple vendors were hacked in a coordinated supply chain attack, Sansec found 21 applications with the same backdoor. Curiously, the malware was injected 6...| Sansec
Sansec found criminals mass-scanning for defunct.dat files which contain GSocket backdoor keys. A quick scan reveals dozens of infected stores.| Sansec
Increasing use of Content Security Policy (CSP) as PCI-DSS 4.0 goes live on April 1st. However, our research shows that most online stores have not enabled C...| Sansec
Simple, integrated & free CSP monitoring for Magento| Sansec
Merchants outraged as PCI-SSC changes compliance criteria just weeks before the new regulation comes into effect.| Sansec
Critical (CVSS 9.4) release enables attackers to take control of customer accounts.| Sansec
Criminals have secretly rewired 3,500 online stores to continuously harvest credit card numbers. The fraud can be traced back as far as May 12th 2015, so if you have bought something at one of thes...| Sansec - experts in eCommerce security
Visbot is one of the oldest Magecart payment skimmers: it steals customer data and credit cards. The first case was documented as early as March 2015. But being publicly discussed did not stop it ...| Sansec - experts in eCommerce security
Regular Javascript-based malware is normally injected in the static header or footer HTML definitions in the database. Cleaning these records used to be sufficient to get rid of the malware. But n...| Sansec - experts in eCommerce security
This post shows how sophisticated Magento hacking operations have become nowadays. While investigating a bruteforced Magento store, we noticed that the hacker logged in using a curious referrer sit...| Sansec - experts in eCommerce security
Part of a series where Magento security professionals share their case notes, so that we can ultimately distill a set of best practices, tools and workflow. Part of the job of running the MageRepo...| Sansec - experts in eCommerce security
Update May 21st: a similar phishing mail circulates about a fake patch SUPEE-1798. Update Apr 22nd: added reference to Neutrino Bot and POS systems. This week a mail was sent out to announce the ne...| Sansec - experts in eCommerce security
If you code against Akamai hosted sites, you could be rejected because your HTTP library sends request headers in the wrong order. In fact, most libraries use undefined order, as the IETF specifica...| Sansec - experts in eCommerce security
Does your laptop get hot when visiting your favorite shop? Your computer is likely mining cryptocurrencies to the benefit of a cyberthief. Cryptojacking - running crypto mining software in the brow...| Sansec - experts in eCommerce security
Magento merchants have recently received messages like this: Hey, I strongly recommend you to make a redesign! Please contact me if you need a good designer! -- knockers@yahoo.com Upon closer exa...| Sansec - experts in eCommerce security
A single group is responsible for planting skimmers on 7339 individual stores in the last 6 months. The MagentoCore skimmer is now the most successful to date. Update 2018-09-07: Because Google Chr...| Sansec - experts in eCommerce security
Would you - a web developer - get alarmed if you found the following code on your website? Probably not, as Google Analytics is embedded in pretty much every website these days: <script type=&quo...| Sansec - experts in eCommerce security
While Filipinos are recovering from typhoon Mangkhut, another misfortune awaits them online. We found their broadcasting giant ABS-CBN − a $740 million conglomerate & top-500 global Internet de...| Sansec - experts in eCommerce security
Back in 2016, Magecart skimmers would evade detection by sleeping if any developer tools were found running. Then, their malware would 404 without correct Referer or User-Agent header. And now, Ma...| Sansec - experts in eCommerce security
The store of German political party CSU (www.csu-shop.de) contains an identity skimmer that was planted on or before Oct 5th, right before the Bavarian election on Oct 14th. Personal identifiable ...| Sansec - experts in eCommerce security
Online credit card theft has been all over the news: criminals inject hidden card stealers on legitimate checkout pages. But how are they able to inject anything in the first place? As it turn...| Sansec - experts in eCommerce security
Update Nov 23rd: Webgility has released a patch and a public statement, urging all customers to upgrade to version 345. Update Nov 30th: Webgility has discovered another security issue and urges a...| Sansec - experts in eCommerce security
1 in 5 compromised merchants get reinfected, average skimming operation lasts 13 days. MageCart, the notorious actors behind massive online card skimming, has been busy. And so have we: our crawlers...| Sansec - experts in eCommerce security
Skimmers found to subtly sabotage each other's fraud operations. Competition is grim in the online skimming business (aka "MageCart"). The aggressive MagentoCore skimmer was previously obs...| Sansec - experts in eCommerce security
Update 2019-01-20: the root cause is a protocol flaw in MySQL. Adminer is a popular PHP tool to administer MySQL and PostgreSQL databases. However, it can be lured to disclose arbitrary files. Atta...| Sansec - experts in eCommerce security
This week I discovered that large ecommerce and government sites got hacked via the Adminer database tool. As it turns out, the root cause is a protocol flaw in MySQL. Curiously, it is described in...| Sansec - experts in eCommerce security
In October last year I discovered several Magento extension 0days. As it turns out, this was only the tip of the iceberg: today, insecure 3rd party extensions are used to hack into thousands of sto...| Sansec - experts in eCommerce security
MageCart attacks on online stores surged last year, culminating in the hack of British Airways and Ticketmaster. This year the trend continues with another high-profile target. The Atlanta Hawks sh...| Sansec - experts in eCommerce security
Sansec discovered a polymorphic skimmer that works with 57 different payment gateways. It has global reach, affecting payment systems from Germany to Brazil. It is by far the most advanced skimmer ...| Sansec - experts in eCommerce security
After the NBA Hawks got skimmed last week, this time Puma's Australian customers are cannon fodder for Magecart thieves. Anyone who ordered a pair of sneakers online, had their name, address and cr...| Sansec - experts in eCommerce security
The number of hacked Magento 2 stores spiked in the last four weeks, after a critical security flaw was discovered in March and criminals stole admin passwords within 16 hours. Merchants are advise...| Sansec - experts in eCommerce security
The PCI Security Standards Council and the Retail & Hospitality ISAC alert merchants to the threat of digital skimming. In its report, it quotes Sansec research, which has found that about 20% ...| Sansec - experts in eCommerce security
Cementing itself as a global force in the protection against eCommerce fraud, Sansec has been invited to speak at the fifth edition of Europol’s Training Course on Payment Card Fraud Forensic Inves...| Sansec - experts in eCommerce security
The FBI warns small and medium-sized businesses and government agencies against the threat of e-skimming. E-skimming occurs when cyber criminals inject malicious code onto a website. Read the origi...| Sansec - experts in eCommerce security
The store of a US Magento extension vendor was found compromised. Attackers had write access to the server selling extensions. We are awaiting a statement on the integrity of downloaded software. O...| Sansec - experts in eCommerce security
Digital skimming groups (aka Magecart) hit another low, as they successfully targeted the American Cancer Society last night. Our skimmer detectors found a piece of malicious code embedded on the C...| Sansec - experts in eCommerce security
Payment skimmers are hiding their malpractice by impersonating our Sansec anti-skimming service. They have registered malicious domains sansec.us and sanguinelab.net, even using a fake address in A...| Sansec - experts in eCommerce security
The Indonesian police announced on Friday that they have arrested three alleged Magecart hackers on December 20th. The suspects are from Jakarta and Yogyakarta and are 23, 26 and 35 years old. Afte...| Sansec - experts in eCommerce security
Utrecht, February 20; Sansec is proud to announce that it has formed a long-term strategic partnership with maxcluster to bring its industry-leading anti-malware technology to the German e-commerce...| Sansec - experts in eCommerce security
Sansec, a global leader in eCommerce security, reveals that hackers successfully infiltrated an online printing platform for more than two and a half years. Our research shows that crooks ran keylo...| Sansec - experts in eCommerce security
Magento 1 will no longer receive official updates & security fixes per July 1st, 2020 (the end-of-life, or EOL date). Merchants are urged to upgrade to Magento 2, but for many stores this deadl...| Sansec - experts in eCommerce security
Over 100 thousand Magento 1 stores will be running after Adobe terminates support in June (end-of-life). Many merchants need more time to transition to Magento 2 or another platform. No need to ...| Sansec - experts in eCommerce security
While an international retail chain closed its physical stores, attackers hacked its online presence, Sansec research shows. Following common Magecart malpractice, payment skimmers were injected an...| Sansec - experts in eCommerce security
A newly discovered skimming campaign runs entirely on Google servers, Sansec research shows. The novel malware sends stolen credit cards directly to Google Analytics, evading security controls like...| Sansec - experts in eCommerce security
Previously, North Korean hacking activity was mostly restricted to banks and South Korean crypto markets, covert cyber operations that earned hackers $2 billion, according to a 2019 Unit...| Sansec - experts in eCommerce security
Update Sept 18: Cardbleed has infected 2806 Magento1 stores so far (3% of total install base). Over the weekend, almost two thousand Magento 1 stores across the world have been hacked in the largest...| Sansec - experts in eCommerce security
Researchers at Sansec have uncovered a novel technique to inject payment skimmers onto checkout pages. This new malware has two parts: a concealed payload and a decoder, of which the latter reads t...| Sansec - experts in eCommerce security
The affected stores were all running the older Magento 2.2, which is unsupported since December 2019. In addition to the injected flaw, attackers used a hybrid skimming architecture, with front and...| Sansec - experts in eCommerce security
Sansec discovered a clever remote access trojan (RAT) that has been hiding in the alleys of hacked eCommerce servers. Despite the advanced setup, perpetrators mistakenly left a list of victim store...| Sansec - experts in eCommerce security
Once the data is intercepted and exfiltrated, the attackers display an error message and the customer is redirected to the real payment page. Customers probably just enter their details again and i...| Sansec - experts in eCommerce security
The Google business application platform Apps Script is used to funnel stolen personal data, Sansec learned. Attackers use the reputation of the trusted Google domain script.google.com to evade mal...| Sansec - experts in eCommerce security
This is what happened to one of our clients. Due to his attentiveness - and a bit of luck! - this merchant noticed some abnormalities in his store’s code. He wasn’t using our malware scanning techn...| Sansec - experts in eCommerce security
A merchant recently reached out to us, after hiring two forensic companies but still having malware on his store. As we appreciate a challenge, our team got started and quickly discovered an intric...| Sansec - experts in eCommerce security
At this time of year we typically see a surge in eCommerce attacks and new malware. Last week we analyzed a clever malware attacking online stores, and today we expose another, much more sophistica...| Sansec - experts in eCommerce security
Last week we exposed the CronRAT eCommerce malware, which is controlled by a Chinese server. Out of curiosity, we wrote a "custom" RAT client and waited for commands from the far east. Ev...| Sansec - experts in eCommerce security
Updated Dec 20th. This article describes how Magento is affected by the critical log4j vulnerability, and what you can (and should) do to prevent a hack. A critical vulnerability in the popular Log...| Sansec - experts in eCommerce security
More than 350 ecommerce stores infected with malware in a single day. Today our global crawler discovered 374 ecommerce stores infected with the same strain of malware. 370 of these stores load the ...| Sansec - experts in eCommerce security
Update Feb 21st, 2022: Sansec has observed the first actual attacks in the wild. Patch now! Unfortunately, this validates our previous prediction that abuse would start within days. Attacks are com...| Sansec - experts in eCommerce security
Currently, Sansec eComscan is the only malware scanner that detects the injected remote access trojan (see Virustotal). 223sam.jpg attack: All of the observed attacks have been interactive, possibly...| Sansec - experts in eCommerce security
Related: many stores are occasionally contacted by "security researchers" who claim to have found a vulnerability and want a "bounty" to disclose it. In 99% of these cases, the...| Sansec - experts in eCommerce security
After a quiet summer, the number of attacks targeting the mail template vulnerability in Magento 2 and Adobe Commerce is rising fast. Merchants and developers should be on the lookout for TrojanOrd...| Sansec - experts in eCommerce security
Magento 2 template hacks have been raging for a month or two, and Sansec is closely tracking any new attack payloads. So far, we observed about 20 different payloads which all added a basic PHP b...| Sansec - experts in eCommerce security
Background: Adobe’s fix to CVE-2022-24086 was to remove “smart” mail templates. Many vendors were caught off guard and had to revert to the original functionality. In doing so, they unknowingly expo...| Sansec - experts in eCommerce security
It is a common practice to make ad-hoc backups during store platform maintenance. The problem, however, is that these backups often end up in a public folder. Perhaps the administrator intended to ...| Sansec - experts in eCommerce security
The domain gtag-analytics.com has recently emerged as a threat, employing various cunning techniques to evade detection and targeting unsuspecting users, but what makes it especially deceptive is i...| Sansec - experts in eCommerce security
Attackers are devising ingenious methods to prolong their skimming activities, aiming for sustained persistence. The usual tactics, techniques, and procedures (TTP) include the creation of disposab...| Sansec - experts in eCommerce security
Cybercriminals in eCommerce are diversifying their targets, now aiming at entire customer databases instead of just stealing credit cards. A recent incident revealed this trend: a hacked Magento ad...| Sansec - experts in eCommerce security
In recent weeks, Sansec observed a spike in hacked Magento 2 stores. Our investigations led to a (likely) single attacker, who used a combination of clever techniques to bypass WAFs and competing t...| Sansec - experts in eCommerce security
In a strategic alliance, Europol, the European Union Agency for Cybersecurity (ENISA), law enforcement from 17 nations, and key private sector entities such as Sansec, have aligned to counteract th...| Sansec - experts in eCommerce security
In January we announced our partnership with Europol and today, we are proud to be recognized by Google as experts in eCommerce security. Sansec and Google have agreed on a data exchange and we tru...| Sansec - experts in eCommerce security
The following XML code was found in the layout_update database table and is responsible for periodic reinfections of your system. Attackers combine the Magento layout parser with the beberlei/asse...| Sansec - experts in eCommerce security
Update June 27th: Adobe has now provided an official, isolated fix that can be applied to installations without requiring upgrade. Update June 27th: our partner Hypernode has actually observed the ...| Sansec - experts in eCommerce security
Almost a month ago, we warned about the CosmicSting attack that threatens 75% of Adobe Commerce stores. Sansec now observes mass-abuse of this vulnerability ...| Sansec
Attackers are abusing Google services like Translate and YouTube to bypass security measures and execute malicious campaigns. Recent incidents and strategies...| Sansec
Cybercriminals have hacked 5% of all Adobe Commerce and Magento stores this summer. Among the victims are large international brands. Seven distinct groups a...| Sansec
In our previous posts, we discussed how threat actors were abusing CosmicSting by injecting malicious scripts into CMS blocks. While these attacks continue, ...| Sansec
CosmicSting (aka CVE-2024-34102) is the worst bug to hit Magento and Adobe Commerce stores in two years. Sansec observes that stores are getting hacked at a ...| Sansec
Browser-based protection can easily be bypassed by the majority of digital skimming attacks.| Sansec
Use Sansec eComscan to discover all malware & vulnerabilities in your online store. Supports Magento, Adobe Commerce, WooCommerce, Shopware and many others.| Sansec
The new Chinese owner of the popular Polyfill JS project injects malware into more than 100 thousand sites.| Sansec
Fishpig, a vendor of popular Magento-Wordpress integrations, has been hacked. Sansec found that attackers have injected malware in Fishpig software and taken...| Sansec