Foregenix Blog

Benjamin Hosack

Magento Security - New Magento Malware - Credit Card Harvester – Beware!

web security, Magento

27/08/15 06:30

Recent forensic cases have highlighted a new attack for Magento websites that is highly effective at stealing payment card data.  If you run a Magento website, you need to be aware of this.

Magento Malware stealing payment card data

Filesman:02 Backdoor - Again

Websites are being compromised via the Filesman backdoor, which allows attackers to access, modify and reinfect a website. Filesman is usually well hidden within the filesystem and difficult to locate (FGX-Web automatically detects Filesman and many other well-known and lesser-known Magento malware - as well as malware for other platforms).

The Attack

In this attack, the hackers use Filesman to leverage their access on the web server and then load malicious code into two files that form part of the core Magento payment framework. This means that any code contained within these files is executed whenever a payment is taken on the website.

The Malicious Code


The code creates a function – the naming of the function can be almost anything. The function creates a file, masquerading as a JPEG image, within the media catalog directory structure - again the specific placement and filename are easily changed.

The code leverages predefined variables and methods from the Magento framework to concatenate the checkout information to the dynamic filename with a delimiter character that the attacker could also change as needed.

How to detect this attack?

Install FGX-Web on your website to run the malware checks, file change monitoring and to provide a web application firewall to filter out further attacks. FGX-Web will identify Filesman backdoor malware and will also scan for the unprotected payment card data that this attack collects from each transaction.


Need help?

If you want to improve your Magento security, we have a team of security specialists who are available to advise, help you clean up your website and regain control of your online business. Fill in the form below and we'll get back to you immediately.

