Magento is an eCommerce system software & platform used by many of the worlds leading brands for their online stores. Magento users who have not updated their site with security patch “SUPEE-5344” run the risk of having their websites compromised by the “Shoplift Bug” which is a fake patch being passed around by hackers according to a blog post penned by Denis Sinegubko, a Sucuri senior malware researcher.
“Because of the severity of the vulnerability, many hackers know how important that patch is and some are even trying to piggyback on it,” wrote Sinegubko, noting that while the fake patch appears to be a real fix to the Shoplift remote code execution vulnerability, “the code actually belonged to a Magento credit card stealing malware which exploited the very bug that SUPEE-5344 is supposed to be fixing.”
The senior malware researcher urged organizations to update their Magento sites with the SUPEE-5344 patch, calling it “the most important patch that should be applied to all Magento versions released prior to February 2015.”
Contact us today if you are concerned about your Magento based eCommerce site and the possibility of being compromised.