New JavaScript Malware Issue: Make Sure Your Store is Secured

Recently Magento notified its users and partners about another security issue concerning sensitive payment information, in particular credit card credentials forwarded to external sites by frauds.



The good thing is that this security issue is covered by the February 2015 Shoplift patch, still we ask you to scan your system and check it for any unknown files.

Safety Measures

The new JavaScript malware exploits your security weaknesses and forwards customers' credit cards information from checkout pages to external sites. Intruders likely use Admin or database accesses, so please:

• Verify and secure your Admin passwords (use strong and versatile passwords, including letter, number, and symbol combinations);


• Make sure you have installed the February 2015 Shoplift patch;


• Deploy all other Magento security patches available on the Community Edition download page or in My Account area;


• Scan your site using e.g. magereport.com;


• Check your system for any unknown files;


• Inspect and delete all unknown and suspicious Admin accounts;


• Implement other security best practices.

Please make sure that your Magento store is secured and safe for your customers. More information about this malicious code is available on Magento Security Center.