Fake patch steals payment info

By on
Fake patch steals payment info

Organisations that haven't updated their Magento sites with the SUPEE-5344 security patch for the Shoplift Bug run the risk of having their sites compromised by wily hackers pitching a fake patch, according to a blog post penned by Denis Sinegubko, a Sucuri senior malware researcher.

“Because of the severity of the vulnerability, many hackers know how important that patch is and some are even trying to piggyback on it,” wrote Sinegubko, noting that while the fake patch appears to be a real fix to the Shoplift remote code execution vulnerability, “the code actually belonged to a Magento credit card stealing malware which exploited the very bug that SUPEE-5344 is supposed to be fixing”.

He urged organisations to update their Magento sites using the SUPEE-5344 patch, calling it “the most important patch that should be applied to all Magento versions released prior to February 2015”.

This article originally appeared at scmagazineus.com

Got a news tip for our journalists? Share it with us anonymously here.
Copyright © SC Magazine, US edition
Tags:

Most Read Articles

You must be a registered member of CRN to post a comment.
| Register

Poll

What's your top marketing tactic for 2020?
Long lunches with customers and prospects
Content marketing to drive website visits
Social media
More use of CRM
Word of mouth
Online ads
View poll archive

Log In

Username / Email:
Password:
  |  Forgot your password?