Security researchers have discovered new malware that mostly targets Magento stores and is capable of self-healing: it restores itself after deletion.
Self-healing malware isn’t new, with the first such threat reportedly spotted nearly three decades ago, as the memory-residing Trojan called Yankee Doodle, which could infect .com and .exe files. Discovered in September 1989, this piece of malware would play the tune “Yankee Doodle” every day at 17:00 if it was in memory.
Discovered by Jeroen Boersma, the recently spotted Magento-targeting malware uses a database trigger to restore itself if it has been deleted: every time a new order is made, injected SQL code searches the compromised Magento installation and, if it doesn’t find the malware, re-adds it. The malware leverages SQL stored procedures for this operation.
According to Willem de Groot, who analyzed the threat, the malware’s infection point was a brute-force attack on /rss/catalog/notifystock/, where the compromised shop was “otherwise completely patched.”
He also added that malware detection should now include database analysis as well, because file scanning is no longer efficient. “This discovery shows we have entered a new phase of malware evolution.”
According to security researchers, this malware ensures that the self-healing trigger is executed every time a new order is made. “The query checks for the existence of the malware in the header, footer, copyright and every CMS block. If absent, it will re-add itself.”
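A database audit of the kind called for above, as an added example that is not from the researchers or the original article: these MySQL queries list every trigger and stored routine in the shop's schema and flag bodies that reference the content or configuration tables. The table names `cms_block` and `core_config_data` are assumptions based on a default Magento 1 schema without a table prefix.

```sql
-- Added example: audit triggers and stored routines in a Magento database.
-- Run while connected to the shop's schema (DATABASE() must return it).
-- Assumption: default Magento 1 table names with no prefix; header, footer
-- and copyright settings are assumed to live in core_config_data.

-- 1. All triggers, with flags for bodies that touch content or config tables,
--    contain script markup, or hand off to a stored procedure.
SELECT
    t.TRIGGER_NAME,
    t.EVENT_OBJECT_TABLE,          -- table whose changes fire the trigger
    t.ACTION_TIMING,               -- BEFORE / AFTER
    t.EVENT_MANIPULATION,          -- INSERT / UPDATE / DELETE
    t.DEFINER,
    t.CREATED,                     -- NULL on servers older than MySQL 5.7.2
    (LOWER(t.ACTION_STATEMENT) REGEXP 'cms_block|core_config_data') AS touches_content,
    (LOWER(t.ACTION_STATEMENT) REGEXP '<script')                    AS has_script_tag,
    (LOWER(t.ACTION_STATEMENT) LIKE '%call %')                      AS calls_procedure,
    LEFT(t.ACTION_STATEMENT, 200)                                   AS body_preview
FROM information_schema.TRIGGERS AS t
WHERE t.TRIGGER_SCHEMA = DATABASE()
ORDER BY touches_content DESC, has_script_tag DESC, t.EVENT_OBJECT_TABLE;

-- 2. All stored procedures and functions, flagged the same way, because a
--    trigger may contain only a CALL while the logic sits in the routine.
SELECT
    r.ROUTINE_NAME,
    r.ROUTINE_TYPE,                -- PROCEDURE / FUNCTION
    r.DEFINER,
    r.CREATED,
    r.LAST_ALTERED,
    (LOWER(r.ROUTINE_DEFINITION) REGEXP 'cms_block|core_config_data') AS touches_content,
    (LOWER(r.ROUTINE_DEFINITION) REGEXP '<script')                    AS has_script_tag,
    LEFT(r.ROUTINE_DEFINITION, 200)                                   AS body_preview
FROM information_schema.ROUTINES AS r
WHERE r.ROUTINE_SCHEMA = DATABASE()
ORDER BY touches_content DESC, r.LAST_ALTERED DESC;

-- 3. Full definition of one object for manual review
--    (replace the placeholder with a name returned above).
-- SHOW CREATE TRIGGER `<trigger_name>`;
-- SHOW CREATE PROCEDURE `<routine_name>`;
```

Review every returned row against the triggers and routines the shop's own code and extensions are known to create; the flags only prioritise the review and do not clear unflagged objects.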