Magento Killer is a new threat that steals payment information from Magento Store. It is a script that modifies data in the core_config_data table of the targeted Magento Database. Moreover, it alters the payment setting to redirect payment to that of the creators. This article aims to raise awareness and give you some tips that could help you avoid that. We will firstly discuss what the Script does and end up with Magento’s recommendation regarding security.
What is Magento Killer, and how does it operate?
As mentioned in the introduction, Magento Killer is a script that steals payment information. The warning about that threat has been raised by a Sucuri researcher called Luke Leak. According to his report, the code uses particular SQL queries encoded in base64 to modify the Magento database. Moreover, it uses two objects, i.e., Updates DB and Update PP, to save customers’ credit card information onto the server and change the Paypal merchant business account. In other words, the attackers transfer your payments into their bank accounts. Note that those hackers do not limit themselves only to getting money; they also save credit cards on empty bank accounts. Below is a small portion of the script used by the attackers. (image source: blog.sucuri.net)
How to reinforce the Security of your Magento Store?
Security is crucial in eCommerce. As a matter of fact, the more you take security measures, the more you improve your chances of growing online. Therefore, it is imperative always to keep an eye open to avoid risks. Below are some things you can do to enhance the security of your store.
1. Update your store regularly.
There is a new update of Magento every one or two months. New versions will handle security issues and buggies of previous versions most of the time. You can subscribe to Magento Newsletter to receive a notification whenever there are changes. The Command line is often recommended to upgrade to Magento’s latest version. This documentation explains the steps to do that.
2. Register your website for Magento Security Scan
Magento dashboard has a free tool that can help you scan and monitor the security of your website. Suppose you can use that to analyze your website and get the essential recommendations to secure your website better. You can, for example, download the file in PDF format to fix all the ‘fail‘ and ‘Unknow’ statuses.
3. Use best practices during the development and update of the website
One of the advantages of using a powerful CMS like Magento is continuity and community. Customizing your store without referring to the official documentation will only increase your chances of being hacked. Adding to that, it will become practically difficult to update on improvements at a point.
4. Improve the security of your server,
Besides the website security, your server’s security (where your website is stored) can increase your chances of being attacked. For instance, some features, such as the TLS Version, can affect payment processing. That is why working with a server specialist and making sure that he is always available to help is crucial.
5. Use third-party security services
There are third-party security services such as Sitelock that can reinforce security measures and handle hacking issues.
Overall, no one is safe on the internet. However, taking action to ensure that you do things correctly can help you avoid some issues.
Thanks for taking the time to read our article. If you need our expertise to help you with your Magento Website, our team is available to assist.