Jey 0 Posted October 27, 2023 Share Posted October 27, 2023 Hi One of our customer has got this threat notification via ESET while he is trying purchase a product in e-commerce platform https://screwman.co.za/ But the same customer is able to purchase an item from the same e-commerce platform in another machine which does not have ESET protection. Please help us to resolve this issue and guide us how to remove this malware from our e-commerce platform Regards Jey Link to comment Share on other sites More sharing options...
Administrators Marcos 5,074 Posted October 27, 2023 Administrators Share Posted October 27, 2023 It's a so-called Magecart malware. Please check the line with the following JS which contains the offending script: https://sucuri.net/guides/how-to-clean-hacked-magento/ Link to comment Share on other sites More sharing options...
Jey 0 Posted October 30, 2023 Author Share Posted October 30, 2023 Hi Marcos Thanks for your reply. Can you please specify the JS file name, which may help us to solve the issue. Regards Jey Link to comment Share on other sites More sharing options...
Administrators Marcos 5,074 Posted October 30, 2023 Administrators Share Posted October 30, 2023 We don't know where the malware is stored. Did you check the db as advised in the above article, section "To manually remove a malware infection from Magento database tables"? If you are unable to locate the malware, please contact a company that provides website cleaning and monitoring services, such as Sucuri.net. Link to comment Share on other sites More sharing options...
Jey 0 Posted October 30, 2023 Author Share Posted October 30, 2023 We checked in db and do not find anything related to this threat. Please find screenshot below for your reference Link to comment Share on other sites More sharing options...
Administrators Marcos 5,074 Posted October 30, 2023 Administrators Share Posted October 30, 2023 Since you didn't find the malicious code, please contact Sucuri.net or another company that provides website cleaning and monitoring services. Link to comment Share on other sites More sharing options...
itman 1,659 Posted October 30, 2023 Share Posted October 30, 2023 Trustwave has an article on how to check for magecart malware here; https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/anyone-can-check-for-magecart-with-just-the-browser/ . Jey 1 Link to comment Share on other sites More sharing options...
itman 1,659 Posted October 30, 2023 Share Posted October 30, 2023 (edited) Also this website: https://www.magereport.com/scan/?s=https://screwman.co.za shows multiple issues with Magento software used by https://screwman.co.za web site. Edited October 30, 2023 by itman Jey 1 Link to comment Share on other sites More sharing options...
Jey 0 Posted October 31, 2023 Author Share Posted October 31, 2023 Hi Thanks for sharing the additional the inputs and let us go thru the same. Regards Jey Link to comment Share on other sites More sharing options...
SeriousHoax 83 Posted October 31, 2023 Share Posted October 31, 2023 FYI, I have tested some other top products on the site and none of them detected anything. ESET's detection is correct for sure as confirmed by Marcos. This once again proves (to me at least) that ESET is the best at detecting malicious scripts on websites. Many times, ESET is the only one/the first one to detect such things. peteyt 1 Link to comment Share on other sites More sharing options...
Recommended Posts