GuruIncSite Malware attacks Magento websites

by Admin
GuruIncSite Malware

A new type of malware called GuruIncSite, which is actually a JavaScript injection, has affected thousands of Magento-based stores. The malware exploits a vulnerability in Magento or a third-party extension to inject a piece of malicious JavaScript into the Magento database, which then infects any visitor to the site. The bad news is that Google has identified these domains and has blacklisted the online stores affected by the hack.

As per the Sucuri Security blog, this malware is injected into the design/footer/absolute_footer entry of the core_config_data table, but we suggest scanning the whole database for code like “function LCWEHH(XHFER1){XHFER1=XHFER1” or the “guruincsite” domain name. The attack involves the injection of malicious scripts through iframes from the domain. Both an obfuscated and a non-obfuscated version of the infection have been reported.


Find out if your Magento store is affected

To find out if your store is affected, scan your site for free using the following tools:

How to remove GuruIncSite Malware

  • Since this malware mostly attaches to the footer, go to the admin panel, navigate to System > Configuration > Design > Footer > Miscellaneous HTML and remove the malicious code there. The hack can be identified by the presence of the code function LCWEHH(XHFER1)[…]. If you prefer to edit the database directly, look for the design/footer/absolute_footer entry of the core_config_data table.
  • Delete any unknown admin user that you did not create. It may be part of the malware.
  • Patch your Magento store with the latest Magento security patches.
  • Update your website to the latest Magento version.
  • Change all login credentials just to be super safe!
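To cover the "scan the whole database" advice above and not only the footer setting, the following added example (not code from Sucuri or Magento) searches a text SQL dump for the two indicators quoted on this page and reports the table and, for core_config_data, the config path that holds them. It assumes a mysqldump-style dump with one INSERT statement per line; the sample dump, its host names and the path-matching heuristic are constructed for illustration.

```python
import re

# Indicators quoted on this page: the loader's function name and the domain label.
INDICATORS = {
    "LCWEHH loader": re.compile(r"function\s+LCWEHH\s*\("),
    "guruincsite reference": re.compile(r"guruincsite", re.I),
}
TABLE_RE = re.compile(r"INSERT INTO `?(\w+)`?", re.I)
# Assumption: Magento config paths look like 'section/group/field'.
PATH_RE = re.compile(r"'(\w+/\w+/\w+)'")

# Constructed sample dump (inert, truncated strings; not real store data).
SAMPLE_DUMP = """\
INSERT INTO `core_config_data` VALUES (1,'default',0,'web/unsecure/base_url','http://shop.example/'),(2,'default',0,'design/footer/absolute_footer','<script>function LCWEHH(XHFER1){XHFER1=XHFER1</script>');
INSERT INTO `cms_block` VALUES (5,'Footer Links','footer_links','<iframe src=//guruincsite.invalid/>');
INSERT INTO `admin_user` VALUES (1,'Store','Owner','owner@shop.example');
"""

def scan_dump(text):
    """Return one finding per indicator hit in a mysqldump-style SQL dump."""
    findings = []
    table = None
    for line_no, line in enumerate(text.splitlines(), 1):
        m = TABLE_RE.match(line)
        if m:
            table = m.group(1)  # remember which table this INSERT fills
        for name, rx in INDICATORS.items():
            for hit in rx.finditer(line):
                # The nearest config path before the hit names the infected setting.
                paths = PATH_RE.findall(line[:hit.start()])
                in_config = table == "core_config_data" and paths
                findings.append({
                    "line": line_no,
                    "table": table,
                    "indicator": name,
                    "config_path": paths[-1] if in_config else None,
                })
    return findings

if __name__ == "__main__":
    for f in scan_dump(SAMPLE_DUMP):
        print(f)
```

A hit outside design/footer/absolute_footer, like the cms_block row in the sample, means cleaning the footer setting alone does not remove the infection.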

If your website is affected by malware, contact us for a free analysis. We offer professional website malware removal services.
