May 13, 2016
Being a client oriented organization, Dotsquares like to share recent updated with their valuable clients. We recently received reports of a new malware that appears to capture information from all fields of the checkout process, including credit card information. Attackers are likely using Admin or database access to implement the exploit. We do not have specific information on how the attackers are gaining Admin access, but it is common for them to guess weak passwords, target unpatched sites, or use Admin accounts they may have set up before a site was patched. We, at Dotsquares, recommend that you run a scan on magereport.com to determine if you are at risk for a “Credit Card Hijack” and check to see if you have any unknown Admin accounts. You can also review your code for the malware. Our investigations indicate that the malware typically includes the text, “onepage|checkout” and resides in one of two places: Kindly implement the patches or upgrades referred below:
If you are infected, please take immediate steps to remove this malware and review your code for any other changes of unknown origin. As per best practices, you should also remove any unknown Admin accounts and update all Admin passwords to prevent further access to the site. If you required technical assistance that can do the needful on your behalf, please contact us. This is another reminder of the importance of following strong security practices. Please review and follow the security best practices posted on the Magento Security Center. For any kind of assistance while installing patches on your webstore please feel free to contact us any time without any second thoughts. If you need assistance with this procedure please contact us immediately and we will assign one of our Magento developers to assist. This is the highest priority issue and must be checked. We will update you as we get more information.