New Malware Identified

February 11, 2016


Sucuri has identified new malware that can capture payment data. No new attack vector has been identified, so it is critical that merchants follow standard practices to secure their sites, including implementing all Magento security updates, employing strong passwords, and protecting against phishing.

We encourage you to review your site for this issue. You can determine if your site is affected by looking for the string “$Magimo” in the ImportData function of the Mage Sales Model Quote Payment.php file (/src/Mage_Sales_Model_Quote_Payment.php). If you discover this string, remove the code or revert to a previous version without this change.
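The check above can be scripted across a whole code tree. The following Python is an added example, not code from Magento or Sucuri: it reports the marker only when it appears inside the importData function body. The names `find_marker` and `scan_tree`, the rule of checking any file whose name ends in `Payment.php`, and the embedded sample are assumptions made for illustration.

```python
import os
import re
import sys

MARKER = "$Magimo"  # string named in the advisory
FUNC_RE = re.compile(r"function\s+importData\s*\(", re.I)  # PHP names are case-insensitive

SAMPLE = """<?php // constructed sample, not real Magento or malware code
class Mage_Sales_Model_Quote_Payment {
    public function importData(array $data) {
        $Magimo = 'constructed-placeholder';
        if ($data) { return $this; }
    }
    public function other() { $Magimo = 1; }
}
"""


def find_marker(source):
    """Return 1-based line numbers inside importData that contain MARKER."""
    m = FUNC_RE.search(source)
    start = source.find("{", m.end()) if m else -1
    if start == -1:
        return []
    depth = 0  # naive brace matching: braces in strings/comments count too
    for end in range(start, len(source)):
        depth += {"{": 1, "}": -1}.get(source[end], 0)
        if depth == 0:
            break
    first = source.count("\n", 0, m.start()) + 1
    body = source[m.start():end + 1].splitlines()
    return [first + n for n, line in enumerate(body) if MARKER in line]


def scan_tree(root):
    """Check every file under root whose name ends in Payment.php (assumption)."""
    hits = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in (f for f in files if f.endswith("Payment.php")):
            path = os.path.join(dirpath, name)
            with open(path, encoding="utf-8", errors="replace") as fh:
                lines = find_marker(fh.read())
            if lines:
                hits[path] = lines
    return hits


if __name__ == "__main__":
    print(scan_tree(sys.argv[1]) if len(sys.argv) > 1 else find_marker(SAMPLE))
```

Run it with the site's code directory as the only argument; with no argument it checks the embedded sample. A hit identifies the file and line to compare against a known-good copy before removing the code or reverting.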

This is also a good opportunity to do a security health check:

  • Make sure that you have the latest Magento security patches deployed. Enterprise Edition patches are available on MyAccount and the Partner Portal. Community Edition patches are available on the Community Edition Download Page.

  • Review all of your Admin accounts to determine if any are unknown.

  • For those of you with full control over your servers, implement firewall rules to only permit required outbound traffic (to payment providers or known integration systems, for example).

  • Fully implement all other Magento security best practices.