Malware that just won't go away
According to security researcher Willem de Groot, a new Magento hack has been detected that uses a database trigger to restore itself if deleted.
The trigger is executed every time a new order is made. The query checks for the existence of the malware in the header, footer, copyright and every CMS block. If absent, it will re-add itself.
This discovery shows we have entered a new phase of malware evolution. Just scanning files is not enough anymore, malware detection methods should now include database analysis.
You can check your Magento site using Magereport.
If found, you can follow de Groot’s instructions for removal of the database trigger.
Need help? Then contact us.