
Shell Logins as a Magento Reinfection Vector


Recently, we have come across a number of websites that kept getting reinfected with credit card stealing malware in the following files:

  • app/Mage.php
  • lib/Varien/Autoload.php
  • index.php
  • app/code/core/Mage/Core/functions.php

Attackers commonly target these files because they operate throughout Magento sites, but these instances stood out because of their very peculiar reinfection rate.

Malicious Scripts Loaded Through .bashrc

Upon closer inspection, we came across this snippet in the site owner’s .bashrc file.

Continue reading Shell Logins as a Magento Reinfection Vector at Sucuri Blog.

https://blog.sucuri.net/?fwp_blog_categories=wordpress-security
