Alert Magento Merchants!

Among the hot topics in the news these days is the Guruincsite malware attack on Magento sites. Several thousand Magento stores have been blacklisted by Google because of this malware. According to reports on the Guruincsite infection, the attackers have compromised Magento websites by injecting a malicious script through iframes from the domain guruincsite.com. According to sources, the guruincsite website is one of the domains in a redirection chain that ends on the landing page of the Neutrino exploit kit, which in turn exploits a Flash Player vulnerability and drops the malware called Andromeda or Gamarue onto the infected computers so that the attackers can use it to gain illegal access to financial information.

Infected sites are blacklisted in Google searches with a prominent warning saying that “the site has malware and attackers from guruincsite.com may attempt to install dangerous program on your computer.”

Which Websites are Vulnerable to Guruincsite Infection?

The Guruincsite malware mostly targets Magento-based websites. Websites that have unpatched issues or are missing security patches are said to be the most vulnerable to this infection. Websites or Magento stores with fake user accounts, unwanted demo accounts, administrative accounts with improper or weak passwords, or any other unpatched vulnerability that can easily give administrator access to an unknown party are said to be more vulnerable to this malware attack.

How to Check for Malware in Your Magento Store?

To check your Magento store for the Guruincsite malware, scan the whole database for any code similar to “function LCWEHH(XHFER1){XHFER1=XHFER1”, or look for the domain name guruincsite in your database content. It has been found that this malware is added through a malicious script in the design/footer/absolute_footer entry of the core_config_data table.

Merchants who think they have installed all the patches should also check for the malware, as the website may have been attacked before it was patched. Moreover, if your store or website has fake user accounts, patch installation will not remove them, and the store remains vulnerable to the malware. So it is important to perform a malware check of your Magento software.
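The database check described above can be run over a SQL dump of the store. The script below is an added example, not code from the original article or from Magento: it looks for the two indicators quoted above and flags whether a hit sits in the design/footer/absolute_footer row. It assumes a dump with one row per line (for example `mysqldump --skip-extended-insert`); the sample rows and the name `scan_dump` are constructed for illustration.

```python
import re

# Indicators quoted in the article. Whitespace tolerance in the second
# pattern is an assumption, added so trivial reformatting does not hide it.
INDICATORS = {
    "guruincsite domain": re.compile(r"guruincsite", re.IGNORECASE),
    "LCWEHH loader": re.compile(r"function\s+LCWEHH\s*\(\s*XHFER1\s*\)"),
}
FOOTER_PATH = "design/footer/absolute_footer"
INSERT_RE = re.compile(r"INSERT INTO `?(\w+)`?", re.IGNORECASE)


def scan_dump(lines):
    """Return one finding per dump line that contains an indicator."""
    findings = []
    for lineno, line in enumerate(lines, 1):
        hits = sorted(n for n, rx in INDICATORS.items() if rx.search(line))
        if not hits:
            continue
        table = INSERT_RE.match(line.lstrip())
        findings.append({
            "line": lineno,
            "table": table.group(1) if table else "unknown",
            "indicators": hits,
            # True when the row is the config entry the article names.
            "footer_entry": FOOTER_PATH in line,
        })
    return findings


# Constructed sample rows, not taken from a real store.
SAMPLE_DUMP = [
    "INSERT INTO `core_config_data` VALUES (12,'default',0,'web/seo/use_rewrites','1');",
    "INSERT INTO `core_config_data` VALUES (87,'default',0,"
    "'design/footer/absolute_footer','<script>function LCWEHH(XHFER1)"
    "{XHFER1=XHFER1 [rest omitted]</script>');",
    "INSERT INTO `cms_block` VALUES (5,'Footer','footer_links',"
    "'<iframe src=\"//guruincsite.com/\"></iframe>');",
]

if __name__ == "__main__":
    import sys
    # Scan the dump file given on the command line, or the sample rows.
    source = open(sys.argv[1], errors="replace") if len(sys.argv) > 1 else SAMPLE_DUMP
    for f in scan_dump(source):
        where = "absolute_footer" if f["footer_entry"] else "other row"
        print(f"line {f['line']}: {f['table']} ({where}) {f['indicators']}")
```

A hit outside core_config_data, such as the constructed cms_block row, still needs cleaning, which is why the scan covers the whole dump rather than the footer entry alone.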

Steps to Ensure Safety of Your Magento Store

All Magento merchants and Magento website owners are advised to take appropriate steps to ensure the safety of their Magento software.

All you are required to do is:

    • Check your website for the Guruincsite malware and other security issues at magereport.com, a website that will help you scan your Magento store for any kind of security vulnerability. You can also check on your own by following the steps given above for checking for malware in your store.

    • If you find any malware, act immediately to remove the malicious script and send an unblock request to Google.

    • Remove all unused or unwanted user, admin or demo accounts.

    • Install all pending security patches, which will also help to close the vulnerability to the malware. You can find the list of patches to be installed at the Magento Security Center.

Above all, merchants can also contact their Magento development company for help and guidance in this case.
