Malware that just won't go away

According to security researcher Willem de Groot, a new Magento hack has been detected that uses a database trigger to restore itself if deleted.

The trigger is executed every time a new order is made. The query checks for the existence of the malware in the header, footer, copyright and every CMS block. If absent, it will re-add itself.
This discovery shows we have entered a new phase of malware evolution. Just scanning files is not enough anymore, malware detection methods should now include database analysis.
…
 

You can check your Magento site using Magereport.
If found, you can follow de Groot’s instructions for removal of the database trigger.
Need help?  Then contact us.