Secure stores, happy shoppers

eComscan malware & vulnerability report
Date 2021-11-19 15:34:14 UTC
Server [email protected]
Path /data/web/magento2
Check — Store Software
Identifying the system that powers your store.
Found Magento 2 at /data/web/magento2
A supported store application was found.
Check — Extended file system scan
Analyzing your files for malware and known vulnerabilities, based on 30 thousand threat intel signatures.
Malware found: form_grabber_with_jsencrypter_ea9bc
in file:/data/web/magento2/js/mage/require.js
JSEncrypt();_0x
Created: 2020-03-31T12:59:31Z
Modified: 2020-03-31T12:59:31Z
Malware found: magento_froghopper_hack_68ffa
in file:/data/web/magento2/app/Mage.php
'core/template' template='../../../../../../../../../'
Created: 2021-11-19T15:32:53Z
Modified: 2021-11-19T15:32:53Z
Malware found: fetch_cc_details_5d902
in file:/data/web/magento2/query.html
querySelectorAll("input, select, textarea, checkbox"
Created: 2020-03-13T12:42:54Z
Modified: 2018-09-30T17:18:22Z
Malware found: burner_domain_cloudfusion_me_2e731
in file:/data/web/magento2/checkout.html
cloudfusion.me
Created: 2020-03-13T12:42:54Z
Modified: 2018-09-30T11:50:48Z
Successfully scanned 10862 code/executable files.
Check — Exposed database managers
Database managers on production systems are a common attack vector for online stores.
Vulnerability found: Adminer database manager
in file:/data/web/magento2/willem/a.php
@link https://www.adminer.org/
Created: 2020-03-13T12:43:04Z
Modified: 2018-02-20T08:24:43Z
Check — Core platform security vulnerabilities
Searching for missing patches for security issues in the core platform installation.
Did not find any malware or vulnerabilities.
Check — Magento 1 database scan
Analyzing relevant tables for injected malware.
Malware found: indonesian_hackers_c81f3
in db:core_config_data.design/head/includes
document.getElementsByName("payment[cc_number]");
Malware found: rogue_admin_account_62f33
in db:admin_user.email
Malware found: burner_domain_mage_storage_pw_5e53b
in db:information_schema.triggers.sales_flat_order
mage-storage.pw
Scanned 155 rows in 6 tables, using the database from /data/web/magento2/app/etc/local.xml.
Check — Magento 1 Insecure extensions
Checking your installed extensions for known insecure versions.
Vulnerability found: VladimirPopov_WebForms
in module:/data/web/magento2/app/code/community/VladimirPopov/WebForms
NB. Even if modules are renamed or disabled, they may still pose a threat to your system. It is recommended to always upgrade or remove vulnerable code completely.
Check — Suspect server background process
Checking for suspect and malicious processes that run in the background of your server.
Malware found: stealthworker_gobrut_multi_brute_force_client_1b882
in process:11893/[stealth]
go/src/StealthWorker
Created: 2021-11-19T15:33:13Z
Modified: 2021-11-19T15:33:13Z
Process '[stealth]', ran from '/tmp/2.25' is likely malicious.
Scanned all accessible server processes.
Check — Malware in scheduled server tasks
Checking for malware that is periodically launched in the background of your server (cronjob).
Malware found: crontab_malware_61925
in crontab:app
/bin/bash -c "base64 --decode <<<
Scanned all accessible scheduled cron tasks.

Generated by eComscan, the most effective malware and vulnerability monitor for online stores, scanning over 1M stores daily.

Require assistance with a security situation? Contact us at [email protected] for a root cause analysis.

eComscan version 1.4.20, running non-interactive
Command line: ecomscan magento2

This report is based on the most recent and extensive threat intelligence. However, Sansec BV provides this information "as is" without warranty of any kind, express or implied, including but not limited to the warranties of merchantability, fitness for a particular purpose, correctness and completeness.