mage.js

What Does Mage.js Have to Do with Your Security?

Do you have an e-commerce website? If so, then you should know about one of the most recent hidden cyber threats from Russia: the mage.js extension.

It’s new(ish), it’s nasty, and it infects your website in a nearly undetectable way and compromises your customers’ credit card information.

A compromise that you, ultimately, will be liable for.

So let’s take some time to examine this new threat, what it does, and how you can protect your website against it.

What Is mage.js?

Within the last year, a bit of malicious code has infiltrated the Magento e-commerce platform.

It is the result of an attack campaign by Russian hackers, who attempt to brute-force their way into your site by attacking your login portal over and over again, using tables of ill-gotten credentials and automated programs, until they manage to get the access they’re looking for.

Once they’ve accessed a site using the Magento marketplace, they slide in a nasty bit of code that compromises your customers’ payment information and sends it to Russian servers, where it will more than likely be sold to the highest bidder.

Why Is mage.js Such A Threat?

This code is particularly nasty because of how difficult it can be to detect.

On the backend, the code looks no different than that of the standard Magento marketplace code. This means that, from the perspective of Magento’s team, nothing appears to be out of the ordinary, even though crucial data is being compromised and leaked.

It’s quiet. It’s subtle. It doesn’t raise any red flags in the code.

Which means that it often isn’t discovered until it’s too late.

How Is mage.js Detected?

Often, the problems are only noticed after the malicious code has been operating, pulling and transferring data that it should not have access to. By the time the activity is noted by the average website admin or IT department, customers’ payment information is already being sold on the Russian black market.

This is because the threat can only be noticed on the front-end, operator side of the software… and most software users aren’t actively scanning for threats that they (understandably) assume their provider is scanning for on the back end.

But because the mage.js code is so sneaky, it requires more active monitoring in a place that many don’t think to look: the URL extension.

The only way that the code can be identified is by monitoring URL extensions and looking for the extension mage/mage.js. And considering most website administrators aren’t consistently keeping an eye on every URL extension on their site, it’s something that can be easily overlooked.

How To Protect A Magento Site From mage.js:

The most effective way to protect your site, and your customers’ sensitive information, is to prevent mage.js from being able to compromise your site in the first place. But how?

Proper Password Practices:

Remember, mage.js relies on a brute-force attack in order to gain access to your site in the first place. This means that the attackers need to get access to your system before they can place the malicious code.

You can make it difficult for attackers to gain access to your website by following good password practices. For example:

  • Never re-use the same password for multiple programs, platforms, or services. If one of these becomes compromised, you’re putting your entire system at risk. It’s much easier for a Russian hacker to force their way into your system if you give them a universal password. It’s like giving a burglar a skeleton key that works for every locked door in your house!
  • Use long, random passwords. You may be tempted to choose passwords that are easy for you to remember, but the shorter or easier to guess they are, the more risk you’re putting yourself and your customers through. We recommend using long, randomly generated combinations of letters, numbers, and potentially symbols. Use password management software (that’s properly protected, of course) to keep your passwords handy and easy to access.

Vigilant Monitoring

The only way to truly be sure you’re not affected by mage.js is to vigilantly monitor your URLs.

An external crawling application is useful to scan every single external link on your website to determine whether any of them are compromised with the mage/mage.js extension.
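
A minimal sketch of the link check such a crawler performs on each page, added here as an illustration (it is not BitLyft’s tooling): it parses a page’s HTML, resolves every link, and reports external URLs whose path ends in mage/mage.js, including protocol-relative, mixed-case and percent-encoded forms. The hostnames and the sample page are constructed placeholders.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit, unquote

INDICATOR = "mage/mage.js"            # path suffix named in the article
URL_ATTRS = {"src", "href", "data-src"}

class LinkCollector(HTMLParser):
    """Collect every URL-bearing attribute (script, link, a, iframe, img ...)."""
    def __init__(self):
        super().__init__()
        self.urls = []

    def handle_starttag(self, tag, attrs):
        for name, value in attrs:
            if name in URL_ATTRS and value:
                self.urls.append(value.strip())

def find_suspect_links(page_url, html):
    """Return sorted external URLs on the page whose path ends in mage/mage.js."""
    own_host = (urlsplit(page_url).hostname or "").lower()
    collector = LinkCollector()
    collector.feed(html)
    hits = set()
    for raw in collector.urls:
        absolute = urljoin(page_url, raw)   # resolves relative and //host forms
        parts = urlsplit(absolute)
        host = (parts.hostname or "").lower()
        if parts.scheme not in ("http", "https") or host == own_host:
            continue                        # only external links are in scope
        # Compare on the decoded, lower-cased path; query and fragment are ignored.
        path = unquote(parts.path).lower().rstrip("/")
        if path.endswith("/" + INDICATOR):
            hits.add(absolute)
    return sorted(hits)

# Constructed sample page; all hostnames are placeholders (.example / .invalid).
SAMPLE_HTML = """
<html><head>
<script src="/static/js/checkout.js"></script>
<script src="//cdn.collector.invalid/mage/mage.js?v=3"></script>
<script src="https://stats.invalid/MAGE/Mage%2Ejs"></script>
<link rel="stylesheet" href="https://fonts.example/css/site.css">
</head><body><a href="https://partner.example/catalog">Partner</a></body></html>
"""

if __name__ == "__main__":
    for url in find_suspect_links("https://shop.example/checkout", SAMPLE_HTML):
        print("SUSPECT:", url)
```

Run it against the rendered HTML of each storefront page, checkout pages first, and alert on any non-empty result.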

Well-calibrated SIEM (security information and event management) software can help identify threats in real time. And a team of Security Operations Center (SOC) analysts can help neutralize them before attackers can get away with a mass-scale data breach.

At BitLyft, we provide thorough monitoring and response for all manner of hidden cyber threats, including mage.js. We’ll consistently scan every URL that comes through your firewall for signs of bad extensions, like mage.js, so that we can take action and shut down threats proactively.

Learn more about how our cloud-based LogRhythm SIEM solution can help keep your customers’ data safe. Sign up for a demo today, and let us show you what we can do.

About the Author

Jason Miller

Jason is a Chief Executive Officer of BitLyft Cyber Security. He has spent the last 19 years of his career focusing on network, system administration, and cloud technologies. He is passionate about helping businesses embrace the next generation of technology including cloud adoption and high performance scaling software.