Benjamin Hosack

Malicious Extension Name: Feed_Manager-2.0.7

retailtower

We believe that this malicious extension has been named to be similar to the legitimate Feed Manager extension (which is currently offered as version 2.1.3 on http://www.magentocommerce.com) to evade casual review by web admins.

We would highly recommend that you ensure that your website is not affected by this malicious shell.

We located the extension through an .XML file at the following location:

html/dev/var/package/Feed_Manager-2.0.7.xml

html/dev/var/package/tmp/package.xml

The contents of the .XML file explicitly mention two obfuscated web shells, which we found at the following locations:

html/dev/skin/frontend/base/data.php

html/dev/skin/frontend/base/info.php

Detection of this malicious file using regular expressions is challenging, because of the high number of variations the obfuscation could incorporate.

While we (and the extension developer RetailTower) do not believe that there is any link to the legitimate Feed Manager extension, we would recommend any websites using Feed Manager to update to the latest version.

Security controls we would highly recommend to detect issues like this are:

  • Tamper-proof seal on your website files – file change monitoring.
  • Log monitoring and alerting
  • Malware detection

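Because signature matching on obfuscated PHP is unreliable (see above), the first control in the list, file change monitoring, is the one that catches a dropped shell regardless of how its body is encoded. The following is an added example, not Foregenix code or part of FGX-Web: it builds a small constructed document root, records a SHA-256 baseline, then writes two placeholder files with the same names as the shells in this advisory (the bodies are constructed, not the real shells) and reports what changed. The heuristic that `skin/`, `media/` and `js/` should hold only static assets is an assumption about a stock Magento 1 layout, not something the post states.

```python
"""Baseline-and-diff file integrity check for a Magento document root.

Added example (not Foregenix code). Builds a small constructed tree, records a
hash baseline, drops in files named like the advisory's shells, and reports
what changed.
"""
import hashlib
import tempfile
from pathlib import Path

# Heuristic assumption: in a stock Magento 1 install these top-level directories
# hold static assets (CSS, JS, images), so PHP files appearing there are suspect.
STATIC_ASSET_DIRS = ("skin", "media", "js")
SCRIPT_SUFFIXES = {".php", ".phtml"}


def sha256_of(path):
    """Stream a file through SHA-256 so large files need not fit in memory."""
    digest = hashlib.sha256()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def snapshot(root):
    """Return {relative_posix_path: sha256} for every regular file under root."""
    root = Path(root)
    return {
        p.relative_to(root).as_posix(): sha256_of(p)
        for p in sorted(root.rglob("*"))
        if p.is_file()
    }


def diff_snapshots(baseline, current):
    """Compare two snapshots; keep the baseline off-host or read-only in practice."""
    common = baseline.keys() & current.keys()
    return {
        "added": sorted(current.keys() - baseline.keys()),
        "removed": sorted(baseline.keys() - current.keys()),
        "modified": sorted(k for k in common if baseline[k] != current[k]),
    }


def scripts_in_static_dirs(rel_paths):
    """Flag script files under directories expected to hold only static assets."""
    return [
        rel for rel in rel_paths
        if rel.split("/")[0] in STATIC_ASSET_DIRS
        and Path(rel).suffix.lower() in SCRIPT_SUFFIXES
    ]


def build_demo_root():
    """Constructed sample document root (not a real Magento install)."""
    root = Path(tempfile.mkdtemp(prefix="magento_demo_"))
    files = {
        "index.php": "<?php require 'app/Mage.php'; Mage::run();\n",
        "skin/frontend/base/default/css/styles.css": "body { margin: 0; }\n",
        "var/package/tmp/package.xml": "<package><name>Example</name></package>\n",
    }
    for rel, body in files.items():
        target = root / rel
        target.parent.mkdir(parents=True, exist_ok=True)
        target.write_text(body)
    return root


def simulate_change(root):
    """Write two placeholder files named as in the advisory (bodies are constructed,
    not the real shells) and append a line to index.php, so the diff shows both
    an added and a modified file."""
    for name in ("data.php", "info.php"):
        (root / "skin/frontend/base" / name).write_text("<?php /* placeholder body */\n")
    with (root / "index.php").open("a") as fh:
        fh.write("// appended line, constructed for the example\n")


def run_check():
    """Full cycle: baseline, change, diff, flag. Returns the report dict."""
    root = build_demo_root()
    baseline = snapshot(root)  # in practice: taken at deploy time, stored elsewhere
    simulate_change(root)
    report = diff_snapshots(baseline, snapshot(root))
    report["suspicious"] = scripts_in_static_dirs(report["added"] + report["modified"])
    return report


if __name__ == "__main__":
    for key, paths in run_check().items():
        print(f"{key}: {paths}")
```

The report lists the two new files under `skin/frontend/base/` as both added and suspicious, and `index.php` as modified. On a real deployment the baseline would be captured from a known-good release, stored where a web-level compromise cannot rewrite it, and the diff run on a schedule with any non-empty `added`, `modified` or `suspicious` list raising an alert.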
This is all provided as a part of our FGX-Web solution.

As we find more information on this malicious shell, we will update our blog.

Please get in touch if you identify this malware on your website – we can help!

Our Forensics Manager James talks about the Magento threat alert.

Our forensic team have seen a number of recent cases involving Magento websites that have been hacked through the same malicious web shell. The details of the web shell are as follows:


Benjamin Hosack

Benj Hosack is a Director and co-Founder of Foregenix Limited. Foregenix is a specialist information security business delivering services in Forensics, PCI DSS, PCI P2PE, PA-DSS and information security solutions within the Payment Card Industry. Our technologies are designed to simplify security and PCI Compliance. Specialties: Cardholder Data Discovery - defining and reducing PCI DSS Scope / PA-DSS / PCI DSS / P2PE / Account Data Compromise Investigations. We are specialists in the Payment Card Industry and work with all types of companies in the payment chain (Acquiring banks, Processors, hosting providers, web designers, merchants, systems integrators etc).
