February 15th, 2017 By Catalin Cimpanu
Dutch malware experts have found a new malware strain that targets online shops running on the Magento platform, which can self-heal using code hidden in the website’s database.
While this is not the first web malware that hides code in the website’s database, this is the first one that’s written in SQL, as a stored procedure, in this case, a Mangeto database trigger operation.
Malware hidden in SQL stored procedure
Discovered by Jeroen Boersma and analyzed by Willem de Groot, this malware starts execution whenever a user places a new order.
Powered by WPeMatico