Global CyberSecurity

Examining Unique Magento Backdoors

By OTC 08/04/2021

Post Views: 517

Last Updated on 08/04/2021 by OTC

During a recent investigation into a compromised Magento ecommerce environment, we discovered the presence of five different backdoors that would provide attackers with code execution capabilities. The techniques used by the attackers in these backdoors illustrates the ever-changing landscape of website security and highlights some of the tactics used to avoid traditional backdoor detection.

Reflection Functions

One such backdoor was appended to the Magento core file /errors/503.php:

This sample takes user input from the “ID” URL parameter and builds a reflection function, where the object stored in the $func variable will now reflect whichever function the attacker passed as input.

Continue reading Examining Unique Magento Backdoors at Sucuri Blog.

Comments

Comments are closed.

More in Global CyberSecurity

Global CyberSecurity

Examining Unique Magento Backdoors

Indian Navy begins the sea trials of Indigenous Aircraft Carrier Vikrant

Report to U.S. Congress on China Naval Modernization: Implications for U.S. Navy Capabilities

Comments

More in Global CyberSecurity

Credit Card Skimmer Hidden in Fake Facebook Pixel Tracker

Web Shells: Types, Mitigation & Removal

Magento Shoplift: Ecommerce Malware Targets Both WordPress & Magento CMS

Cyber-Space

JavaScript Malware Switches to Server-Side Redirects & DNS TXT Records as TDS

WordPress Maintenance: Tasks & Best Practices

Credit Card Skimmer Hidden in Fake Facebook Pixel Tracker

Social EYK

PHMC GPE – WebLog

Indian Navy begins the sea trials of Indigenous Aircraft Carrier Vikrant

Report to U.S. Congress on China Naval Modernization: Implications for U.S. Navy Capabilities

You may also like

Comments

More in Global CyberSecurity

Cyber-Space

Social EYK

PHMC GPE – WebLog