February 18, 2016
On February 12th, 2016, Sucuri reported the existence of a ‘fake’ SUPEE-5344 Magento security patch that enabled hackers to obtain Admin access to a merchant’s store. Our investigation with Sucuri has clarified their original article: there is no evidence of a fake security patch. Rather, this is an instance of malware that pretends to be an applied security patch and uses the same file name as the official Magento patch.
To ensure your site remains fully secure from potential vulnerabilities, we strongly urge you to take the following safeguards:
1. Download and install appropriate security patches for your version of Magento from Magento directly.
To download official patches, choose from the following options:
For Enterprise Edition Merchants: Go to My Account, select the Downloads tab, and then navigate to Magento Enterprise Edition > Support Patches.
For Community Edition Merchants: Patches for earlier versions of Community Edition can be found on the Community Edition download page.
For Partners: Go to the Partner Portal, select Technical Resources and then select Download from the Enterprise Edition panel.
2. Be sure to check that you have installed all appropriate security patches and record which ones you have installed for future reference. Click here to check which patches you have installed.
3. The SUPEE-5344 patch is the most important patch and should be applied to all Magento versions; if you have not installed the patch, you need to take immediate action to audit and cleanse your site.
This is also a good opportunity to review Security Best Practices and learn how to safeguard your site.