Dutch malware researchers have recently found a new malware strain that targets online shops running on Magento, one of the most popular e-commerce platforms, and that can self-heal using code hidden in the website’s database.
How does it work?
The malware affecting Magento stores can steal user card information, which puts quite a lot of people at risk. The SQL part of the code, meanwhile, ensures that the malware survives as long as possible on the infected platform.
“The discovery shows we have entered a new phase of malware evolution. Just scanning files is not enough anymore, malware detection methods should now include database analysis,” de Groot writes.
“You could scan a dump of your database and know whether it contains malicious stuff. But now, the actual malware is executed inside the DB,” de Groot said. He added: “This is the first time I have seen malware written in SQL. Previously, malware was written in JS or PHP.”
The malware’s JS and PHP components handle the theft of card data, while the more interesting SQL component exists to keep the malware alive for as long as possible.
“The malware got resilient against removal attempts, and the malware attacks the DB instead of the e-commerce app.”
This malware strain appears to infect databases following brute-force attacks on the /rss/catalog/notifystock/ URL, even on completely patched shops.
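De Groot’s point that detection now has to include the database, illustrated with an added example that is not code from the article or from de Groot: a Python scanner that parses a mysqldump-style SQL dump for trigger definitions and flags any whose body plants a script tag or writes into storefront content tables. The table names (core_config_data and the others in WATCHED_TABLES), the fragment list and the sample dump are assumptions and constructed data; LIVE_QUERY is the equivalent information_schema query for a running MySQL server and is not executed here.

```python
"""
Added example (not from the article or from de Groot): scan a mysqldump-style
SQL dump for triggers and flag the ones whose body looks like it re-plants
front-end code in application tables. Table names, fragment list and the
sample dump are assumptions / constructed data.
"""
import re
from dataclasses import dataclass, field

# Magento tables that hold content or configuration rendered on the storefront.
# Assumption: standard Magento schema names, not taken from the article.
WATCHED_TABLES = {"core_config_data", "cms_block", "cms_page", "design_change"}

# Fragments that have no legitimate reason to appear in a trigger body.
SUSPICIOUS_FRAGMENTS = ("<script", "javascript:", "eval(", "base64", "document.")

# Matches both plain CREATE TRIGGER statements and the /*!50003 ... */ form
# that mysqldump emits. The body is either BEGIN ... END or a single statement.
TRIGGER_RE = re.compile(
    r"CREATE\b[^;]*?\bTRIGGER\s+`?(?P<name>\w+)`?\s+"
    r"(?P<timing>BEFORE|AFTER)\s+(?P<event>INSERT|UPDATE|DELETE)\s+ON\s+`?(?P<table>\w+)`?"
    r"\s+FOR\s+EACH\s+ROW\s+(?P<body>BEGIN\b.*?\bEND\b|[^;]+)",
    re.IGNORECASE | re.DOTALL,
)
# Statements inside a trigger body that write to some table.
WRITE_RE = re.compile(r"\b(?:UPDATE|INSERT\s+INTO|REPLACE\s+INTO)\s+`?(\w+)`?", re.IGNORECASE)

# Same check against a live MySQL server (run it with a read-only account).
LIVE_QUERY = (
    "SELECT TRIGGER_NAME, EVENT_MANIPULATION, EVENT_OBJECT_TABLE, ACTION_STATEMENT "
    "FROM information_schema.TRIGGERS WHERE TRIGGER_SCHEMA = DATABASE()"
)


@dataclass
class Trigger:
    name: str
    table: str
    event: str
    body: str
    reasons: list = field(default_factory=list)


def parse_triggers(dump_text):
    """Return every trigger definition found in the dump."""
    return [
        Trigger(m["name"], m["table"], m["event"].upper(), m["body"].strip())
        for m in TRIGGER_RE.finditer(dump_text)
    ]


def analyse(trigger):
    """Attach human-readable reasons; an empty list means nothing stood out."""
    lowered = trigger.body.lower()
    for frag in SUSPICIOUS_FRAGMENTS:
        if frag in lowered:
            trigger.reasons.append(f"body contains {frag!r}")
    for target in WRITE_RE.findall(trigger.body):
        if target.lower() in WATCHED_TABLES:
            trigger.reasons.append(f"writes to storefront table {target}")
    return trigger


def suspicious_triggers(dump_text):
    """Triggers worth a human look, the ones with most reasons first."""
    flagged = [t for t in map(analyse, parse_triggers(dump_text)) if t.reasons]
    return sorted(flagged, key=lambda t: len(t.reasons), reverse=True)


# Constructed sample dump: one ordinary housekeeping trigger and one that
# rewrites a storefront config row with a script tag whenever an order lands.
SAMPLE_DUMP = r"""
DELIMITER ;;
/*!50003 CREATE*/ /*!50017 DEFINER=`app`@`localhost`*/ /*!50003 TRIGGER `order_audit_ts`
BEFORE UPDATE ON `sales_order` FOR EACH ROW SET NEW.updated_at = NOW() */;;
DELIMITER ;
DELIMITER ;;
/*!50003 CREATE*/ /*!50017 DEFINER=`app`@`localhost`*/ /*!50003 TRIGGER `after_order_insert`
AFTER INSERT ON `sales_order` FOR EACH ROW BEGIN
  UPDATE `core_config_data`
     SET `value` = '<script src="https://example.invalid/c.js"></script>'
   WHERE `path` = 'constructed/placeholder/path';
END */;;
DELIMITER ;
"""

if __name__ == "__main__":
    for t in suspicious_triggers(SAMPLE_DUMP):
        print(f"{t.name} ({t.event} ON {t.table}):")
        for r in t.reasons:
            print("   -", r)
```

Run it against `mysqldump --triggers` output (or pipe the rows returned by LIVE_QUERY through `analyse`) and review every flagged trigger by hand; the point is to surface triggers at all, since most shop operators never expect any to exist in their database.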