Magento Website Hosting Lancashire with CMS Live Web Specialists

Magento JavaScript Malware Issue

Martin Starkie eCommerce, Server Side & Web Technical

Make Sure Your Website is Secure from Magento JavaScript Malware Issue


Magento Commerce has received reports of a JavaScript malware exploit that forwards credit card information from checkout pages to an external site.

Attacks are likely using Admin or database access to implement the exploit. It appears most impacted sites have not implemented the February 2015 Shoplift patch, or the patch was implemented after the site was already compromised. Attackers can also gain Admin access due to weak passwords, phishing, and other unpatched vulnerabilities.

All Magento eCommerce site owners should take this opportunity to make sure that their sites are secure.Martin Starkie
All Magento eCommerce site owners should take this opportunity to make sure that their sites are secure.

We recommend that you:

  • Scan your site with a tool like magereport.com
  • Apply all patches available on the Community Edition Download Page or in MyAccount
  • Check for any unknown files in the system
  • Review and remove all unknown Admin accounts
  • Change all remaining Admin passwords to strong ones (e.g., they should be long, and include symbols, upper and lower case letters, and numbers)
  • Follow security best practices outlined in the Magento user guides

If you need help with any of the above, contact us today.  We offer various technical web support packages. We can check if your Magento website is upto date with all the latests security patches and if it isn’t we can advise you of what is needed.


Are you affected?

If your site has been compromised we can get you cleaned up and back to full running order in no time.

Got a Web problem that you need fixing urgently?

We’re a different breed of web company as we specialise in offering exceptional development support, whether it is fixing an urgent bug,
implementing new functionality or even re-building your whole website.

Go to Web Technical Support

Share this Post