Malware targets popular ecommerce platform Magento
According to a number of security researchers, an increasing number of websites running the e-commerce platform Magento have been compromised and are being used to spread the Neutrino Exploit Kit. The Neutrino Exploit Kit is a malicious program that detects and exploits vulnerabilities in the software installed on users’ machines. According to the Malwarebytes blog, this version of the exploit kit targets users whose Adobe Flash installation contains vulnerabilities and infects them with the Andromeda/Gamarue malware. This form of malware is typically used to surreptitiously compromise user machines and enlist them in a botnet, a group of computers controlled by a third party and coordinated to collectively perform malicious tasks, such as sending out spam emails or performing a denial-of-service attack. This malware can also be adapted to steal user credentials, such as account logins or financial information.
According to Magento's website, over 240,000 online merchants use its e-commerce software. Popular brands have utilized the platform for online merchant services, including Nike, North Face, and Nordstrom. Online security company Sucuri reported the infection on its blog, stating that “At this point, we can suspect that it was some vulnerability in Magento or one of the third-party extensions that allowed it to infect thousands of sites within a short time.” Google has responded to the attack by blocking over 8,000 domains suspected of having been compromised.
As the malware is spreading at a significant pace, more information will probably emerge in the coming weeks. Sucuri advises system administrators to “Make sure to update everything: core files and extensions. Since the vulnerability provides access to your database, hackers could use it to create malicious admin users; so it is a good idea to review your site users.” Users at home can stay protected by installing antivirus software and ensuring that it is updated, keeping their web browser up to date, and updating or disabling Adobe Flash.