Secure stores, happy shoppers
eComscan malware & vulnerability report
| Date | 2021-11-19 15:34:14 UTC |
| Server | [email protected] |
| Path | /data/web/magento2 |
Check — Store Software
Identifying the system that powers your store.
Found Magento 2 at /data/web/magento2
A supported store application was found.
Check — Extended file system scan
Analyzing your files for malware and known vulnerabilities, based on 30 thousand threat intel signatures.
Malware found: form_grabber_with_jsencrypter_ea9bc
in file:/data/web/magento2/js/mage/require.js
JSEncrypt();_0x
| Created: | 2020-03-31T12:59:31Z |
| Modified: | 2020-03-31T12:59:31Z |
Malware found: magento_froghopper_hack_68ffa
in file:/data/web/magento2/app/Mage.php
'core/template' template='../../../../../../../../../'
| Created: | 2021-11-19T15:32:53Z |
| Modified: | 2021-11-19T15:32:53Z |
Malware found: fetch_cc_details_5d902
in file:/data/web/magento2/query.html
querySelectorAll("input, select, textarea, checkbox"
| Created: | 2020-03-13T12:42:54Z |
| Modified: | 2018-09-30T17:18:22Z |
Malware found: burner_domain_cloudfusion_me_2e731
in file:/data/web/magento2/checkout.html
cloudfusion.me
| Created: | 2020-03-13T12:42:54Z |
| Modified: | 2018-09-30T11:50:48Z |
Successfully scanned 10862 code/executable files.
Check — Exposed database managers
Database managers on production systems are a common attack vector for online stores.
Vulnerability found: Adminer database manager
in file:/data/web/magento2/willem/a.php
@link https://www.adminer.org/
| Created: | 2020-03-13T12:43:04Z |
| Modified: | 2018-02-20T08:24:43Z |
Check — Core platform security vulnerabilities
Searching for missing patches for security issues in the core platform installation.
Did not find any malware or vulnerabilities.
Check — Magento 1 database scan
Analyzing relevant tables for injected malware.
Malware found: indonesian_hackers_c81f3
in db:core_config_data.design/head/includes
document.getElementsByName("payment[cc_number]");
Malware found: burner_domain_mage_storage_pw_5e53b
in db:information_schema.triggers.sales_flat_order
mage-storage.pw
Scanned 155 rows in 6 tables, using the database from /data/web/magento2/app/etc/local.xml.
Check — Magento 1 Insecure extensions
Checking your installed extensions for known insecure versions.
Vulnerability found: VladimirPopov_WebForms
in module:/data/web/magento2/app/code/community/VladimirPopov/WebForms
Remove or upgrade to 2.8.0.
NB. Even if modules are renamed or disabled, they may still pose a threat to your system. It is recommended to always upgrade or remove vulnerable code completely.
Check — Suspect server background process
Checking for suspect and malicious processes that run in the background of your server.
Malware found: stealthworker_gobrut_multi_brute_force_client_1b882
in process:11893/[stealth]
go/src/StealthWorker
| Created: | 2021-11-19T15:33:13Z |
| Modified: | 2021-11-19T15:33:13Z |
Process '[stealth]', ran from '/tmp/2.25' is likely malicious.
Scanned all accessible server processes.
Check — Malware in scheduled server tasks
Checking for malware that is periodically launched in the background of your server (cronjob).
Malware found: crontab_malware_61925
in crontab:app
/bin/bash -c "base64 --decode <<<
Scanned all accessible scheduled cron tasks.
Generated by eComscan, the most effective malware and vulnerability monitor for online stores, scanning over 1M stores daily.
Require assistance with a security situation? Contact us at [email protected] for a root cause analysis.
eComscan version 1.4.20, running non-interactive
Command line: ecomscan magento2