Second global attack on Prestashop attack in just 7 months of time span

[Jurist]

Dear Prestashop Users,

If you are not aware - today many stores all across the world were attacked by a new strain of Magecart trojan.

The latest one was in July 2022, just about 7 months ago.

Prestashop Management - please explain that. The platform for sellers and module developers is rapidly losing trust.

3 stores of ours have been attacked today. We are already thinking about moving to another CMS.

[orotoi]

Hi,

do you have any more info on that?

(How u found out of the attack? Did it left traces or corrupted files? What was the affect on site?)

 

Did you managed to reject the attack? What version of prestashop are you running?

(unfortunately is not only a prestashop thing.. Magento had couple of months ago the same attack.. )

 

Thanks for info

Edited February 2, 2023 by orotoi (see edit history)

[rmturner]

Four of my sites were attacked, presumably through an un-updated module.  They were even able to add A record subdomains, even though I had cpanels closed and accessible only through root whm, with serious password protection.  I hired Securi.com to clean out the malware and I upgraded all my sites, changed all passwords.  I have them monitoring my sites and I get emails over anything that looks suspicious now.  Keeping up to date with the latest stable version seems to be my job now.  Shutting down any modules I don't really need as well.