Jey 0 Posted October 27, 2023 Posted October 27, 2023 Hi One of our customer has got this threat notification via ESET while he is trying purchase a product in e-commerce platform https://screwman.co.za/ But the same customer is able to purchase an item from the same e-commerce platform in another machine which does not have ESET protection. Please help us to resolve this issue and guide us how to remove this malware from our e-commerce platform Regards Jey
Administrators Marcos 5,408 Posted October 27, 2023 Administrators Posted October 27, 2023 It's a so-called Magecart malware. Please check the line with the following JS which contains the offending script: https://sucuri.net/guides/how-to-clean-hacked-magento/
Jey 0 Posted October 30, 2023 Author Posted October 30, 2023 Hi Marcos Thanks for your reply. Can you please specify the JS file name, which may help us to solve the issue. Regards Jey
Administrators Marcos 5,408 Posted October 30, 2023 Administrators Posted October 30, 2023 We don't know where the malware is stored. Did you check the db as advised in the above article, section "To manually remove a malware infection from Magento database tables"? If you are unable to locate the malware, please contact a company that provides website cleaning and monitoring services, such as Sucuri.net.
Jey 0 Posted October 30, 2023 Author Posted October 30, 2023 We checked in db and do not find anything related to this threat. Please find screenshot below for your reference
Administrators Marcos 5,408 Posted October 30, 2023 Administrators Posted October 30, 2023 Since you didn't find the malicious code, please contact Sucuri.net or another company that provides website cleaning and monitoring services.
itman 1,790 Posted October 30, 2023 Posted October 30, 2023 Trustwave has an article on how to check for magecart malware here; https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/anyone-can-check-for-magecart-with-just-the-browser/ . Jey 1
itman 1,790 Posted October 30, 2023 Posted October 30, 2023 (edited) Also this website: https://www.magereport.com/scan/?s=https://screwman.co.za shows multiple issues with Magento software used by https://screwman.co.za web site. Edited October 30, 2023 by itman Jey 1
Jey 0 Posted October 31, 2023 Author Posted October 31, 2023 Hi Thanks for sharing the additional the inputs and let us go thru the same. Regards Jey
SeriousHoax 87 Posted October 31, 2023 Posted October 31, 2023 FYI, I have tested some other top products on the site and none of them detected anything. ESET's detection is correct for sure as confirmed by Marcos. This once again proves (to me at least) that ESET is the best at detecting malicious scripts on websites. Many times, ESET is the only one/the first one to detect such things. peteyt 1
Recommended Posts