Sansec logo

Backdoor admin accounts

Found a suspicious admin account in your store? It is likely a remnant of a successful attack.

eCommerce malware library

Malicious admin accounts found on 71% of hacked stores

When cyber criminals gain (unauthorized) access to a store, they often add an extra administrator account. This ensures future access to the attacker, in case their primary access channel is lost.

To counter these kind of backdoors, you should periodically review your staff accounts and disable any that you do not recognize. It is also good practice to disable accounts that have not been used in a while. And finally, ensure that all your staff accounts have MFA (multi-factor authentication) enabled.

Found one of these accounts in your admin panel?

Your store has been compromised. It is strongly recommended to run a malware scanner and start an investigation to find the root cause. Attackers may have abused a vulnerability in your code platform code, or one of your staff passwords has been intercepted. Without a root cause analysis, the abuse will likely continue.

If you want, Sansec security specialists can run a cleanup and investigation for you. We have resolved incidents on hundreds of ecommerce sites.
> Get us started ASAP

Live overview of backdoor admin accounts

These malicious admin accounts have been identified by our eComscan malware detection engine. We crawl more than 400 thousands eCommerce stores per day and identify 20 to 50 compromised stores each day.

1140696640@qq.com
221user@magento.com
87@gmail.com
AliceK1990@web.de
AndrewS1987@web.de
Chronopost@correos.es
Consulting@mail.com
Nikolaevi4koss@mail.ru
actcrew4@gmail.com
admin@kickvox.com
admin@mail.com
admindev@magento.com
akshaykamble@mail.com
allen_deirdre_h@student.smc
amasty@mail.com
amstelveen@mail.com
anchico@magento.com
api_user@mail.com
atsyvitali@yandex.ru
avant@magento.com
bearbeer@media.com
biz@gmail.com
bot@visvo.com
btest@gmail.com
btr12@gmail.com
c4nyouseeme@gmail.com
coolsurfer@gmail.com
cron_user@magento.com
dadarimaliosp@inbox.lv
developer222@gmail.com
devm2@gmail.com
dke@ekd.dk
dkesystem@gmail.com
dkesystems@gmail.com
dmnsouza01@hotmail.com
doan2@mail.com
drsmpdetusju@arxxwalls.com
fernandomoraes1345@gmail.com
gaillen@gmail.com
hi@mdgedldzda.com
history@gmails.com
imamlogs@gmail.com
indoor@gmai.com
intelsquaretech@gmail.com
ipays@craxs.co
it_support@magento.com
jain@emizentech.com
javacc@ymail.com
jbloginbox07@gmail.com
jetrail@mail.com
jetrails@proton.me
juanlinda333@hotmail.com
kellyklett8@gmail.com
klaviyo_support1@proton.me
klaviyo_support@proton.me
kmagentod@gmail.com
kmq@hotmail.com
kna@hotmail.com
kortes2018@yandex.ru
kruplesoutjac@inbox.lv
ktdhihjvkjh@gmail.com
lastc0de@Outlook.com
logzz@eduz.edu
loverose@admin.com
lucastoni119@yahoo.com
magento@magento.com
magentostore@magento.com
malasakotu@gmail.com
marcelinoferraz1342@gmail.com
masdolaso@mail.com
mccsupport@magento.com
megaplaza@gmail.com
nadina@asubtlejm.com
nonebo@maill.com
nyenderid@gmail.com
osazie@mail.ru
pepekgorengcok@gmail.com
peterpauling2@gmail.com
poliopamnerss@protonmail.com
post@getaddr.net
postghostip@gmail.com
rejeki2018@gmail.com
rpcwagner@proton.me
sagepro@live.sagepay
sensami@yahooeu.com
service@paypalid.com
shipstation@mail.com
shutdown57@gmail.com
support@dba.dk
support@magento.com
support@mageplaza.com
support@wordpress.org
test@gmail.com
test@yandex.ru
testmagento321@magento.com
tuya@tuya.com
tuyulkaya@hotmail.com
update@magento.com
user@magento.com
wagner_group@mail.com
webservice@mail.com
welcome@domain.com
xml_admin@gmx.de
xxx@war.fail
zencrut@gmail.com
zxcasq234@mail.com

Read more

Scan your store now
for malware & vulnerabilities

$ curl ecomscan.com | sh

eComscan is the most thorough security scanner for Magento, Adobe Commerce, Shopware, WooCommerce and many more.

Stay up to date with the latest eCommerce attacks

Sansec logo

experts in eCommerce security

Bluesky Telegram Linkedin Email RSS
Terms & Conditions
Privacy & Cookie Policy