Malicious Magento User Creator

We recently found a simple malicious script leveraging Magento’s internal functions to create a new admin user with the admin role “Inchoo” ⁠— probably referring to a Croatian Magento consulting company.

The script is simple but very effective and can easily be overlooked as another Magento file without closer inspection. It’s based on a sample that has been circulating the Internet since 2012 and provides a boilerplate for attackers to easily specify user details.

Continue reading Malicious Magento User Creator at Sucuri Blog.

Story added 21. July 2020, content source with full text you can find at link above.

Comments are closed.

More antivirus and malware news?

How to Stay Cyber Safe While Social-Distancing
How we may’ve made Friday’s massive internet outage worse
Wider use of HTTPS could have prevented attack against GitHub
Mozilla Patches Second Firefox Zero-Day Used in Cryptocurrency Attacks
Bash malware targets embedded devices running BusyBox
S2 Ep15: City under attack! VPN hacked, floppies nixed
Apple totally loses the patent plot, big time
For Three Years Running, McAfee Advanced Threat Defense Places in Radicati’s Top Players Quadrant for APT Protection
Signals from distant lightning could help secure electric substations
HSBC uses facial recognition so customers can open new bank accounts with a selfie

Malicious Magento User Creator

More antivirus and malware news?

Ads

Security news

Malware

Security

IT security

About site

Search Terms Tips

Recent New Tips

Recent Posts