Attackers try to compromise Magento with a fake patch
Attackers are still trying to find Magento installations that haven’t patched a particularly bad vulnerability, this time trying to trick people into downloading a fake patch.
The bogus patch purports to fix a flaw known as the Shoplift Bug, or SUPEE-5344, wrote Denis Sinegubko, a senior malware researcher with Sucuri.
“While the patch was released February 2015, many sites unfortunately did not update,” he wrote. “This gave hackers an opportunity to compromise thousands of Magento powered online stores.”