What Is Magento Killer and How You Can Protect Your Magento Stores?

Since Magento (particularly Magento 2) powers a significant portion of online commerce, it is no surprise that it is often the target of cybercriminals who devise ways to exploit loopholes and gain access to confidential data.
Identifying vulnerabilities is the first step in protecting your store. For this, Magento provides a great tool, the Magento security scan tool, which scans your stores and reports all potential vulnerabilities along with the patches (if available) that fix them.

What Is Magento Killer?

$ConfKiller = array(

Since Magento is open source (community edition), developers can easily customize the platform to fit the requirements of the store. However, while developing on the Magento platform, developers should always observe the best practices documented by Magento. Observing these development guidelines improves the security of the store and prevents commonly known security issues from slipping into the codebase.

According to Sucuri researcher Luke Leak, Magento Killer modifies the core_config_data table, which allows the attacker to obtain payment information from the compromised Magento store. Here's what Luke shared about the issue:

How to Make Your Magento Store More Secure

$hasil = mysql_query($shc_query);

Magento Security Checker

=> 'SELECT * FROM aw_blog_comment',

Regularly Update Your Magento Installation

general/business_account', `value` = '[redacted]@gmail.com' WHERE `path` = 'paypal/general/

Follow The Best Magento Development Practices

'Update DB (Savecc)' =>

Host Your Magento Store On a Secure Server

The latest threat to emerge for Magento-powered stores is a malicious PHP script known as Magento Killer. The script targets Magento stores to steal the payment details of store visitors.


Just a few months ago, a vulnerability was identified in Magento CMS where hackers used the old, tried and tested SQL injection attack to gain easy access to unpatched (and thus vulnerable) Magento stores. Fortunately, the community reacted swiftly and a patch, PRODSECBUG-2198, was released to deal with the issue.
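
The change to core_config_data that the article attributes to Magento Killer can be caught by comparing payment-related rows against approved values, including rows at website or store scope that override the default. This is an added example, not code from the article or from Sucuri; it assumes the table's scope, scope_id, path and value columns, and the baseline addresses and sample rows are constructed.

```python
import sqlite3

# Approved values keyed by (scope, scope_id, path). The path is the one named
# in the article; the addresses are constructed for this example.
BASELINE = {
    ("default", 0, "paypal/general/business_account"): "payments@store.example",
}

# Constructed rows standing in for a tampered core_config_data table.
SAMPLE_ROWS = [
    ("default", 0, "web/secure/base_url", "https://store.example/"),
    ("default", 0, "paypal/general/business_account", "someone-else@mail.example"),
    ("websites", 1, "paypal/general/business_account", "override@mail.example"),
]

def load_sample_db(rows=SAMPLE_ROWS):
    """Build an in-memory table with the columns assumed for core_config_data."""
    db = sqlite3.connect(":memory:")
    db.execute(
        "CREATE TABLE core_config_data (config_id INTEGER PRIMARY KEY,"
        " scope TEXT, scope_id INTEGER, path TEXT, value TEXT)"
    )
    db.executemany(
        "INSERT INTO core_config_data (scope, scope_id, path, value)"
        " VALUES (?, ?, ?, ?)", rows)
    return db

def audit(db, baseline=BASELINE):
    """Return (kind, scope, scope_id, path, value) for each deviation."""
    findings, seen = [], set()
    watched = sorted({path for (_, _, path) in baseline})
    marks = ",".join("?" * len(watched))
    query = ("SELECT scope, scope_id, path, value FROM core_config_data"
             f" WHERE path IN ({marks}) ORDER BY config_id")
    for scope, scope_id, path, value in db.execute(query, watched):
        key = (scope, scope_id, path)
        seen.add(key)
        if key not in baseline:
            # A websites/stores row overrides the default-scope value.
            findings.append(("unexpected_scope", scope, scope_id, path, value))
        elif value != baseline[key]:
            findings.append(("changed", scope, scope_id, path, value))
    for key in sorted(set(baseline) - seen):
        findings.append(("missing", *key, None))
    return findings

if __name__ == "__main__":
    for finding in audit(load_sample_db()):
        print(finding)
```

Against a live store, the same query would run over the real table through a read-only database account, with the baseline kept outside the web root.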