Security Firm Warns Magento Merchants to Avoid Fake Plug-Ins

Nov. 13, 2014

Up to five percent of e-commerce sites hosted by platform provider Magento have been compromised by fake plug-ins designed by hackers to gain entry to their systems to gather customer data, according to security company Foregenix. The London-based company has tested more than 350 e-commerce sites so far in the wake of forensic investigations that have uncovered the vulnerability targeting businesses on the Magento platform. Because it found the fake plug-ins on five percent of those scans, Foregenix has made free scans available to all Magento-hosted businesses.

"These malicious modules permit remote and unauthorized access, allowing hackers to make modifications and harvest payment card details which could result in significant and expensive fraud liabilities for businesses," said Benjamin Hosack, director of Foregenix. "Our online website scanner has identified a worrying number of affected businesses and there are without a doubt hundreds more that we haven’t been able to advise and mitigate the threat."

The company cautions merchants to be vigilant about their e-commerce platform and pay close attention to the plug-ins they download.