PrestaShop Security: PHPUnit Malware Vulnerability

A vulnerability affecting PrestaShop 1.6 and 1.7 stores has recently been discovered and reported by Francis Ladeuil. It can be used to gain access to and control an entire online store via malware, so it should be given the attention it deserves. At Línea Gráfica we have developed a module that lets you check whether your store is vulnerable and eliminate the threat. If you want to know more about this malware, the module and PrestaShop security, continue reading.

PrestaShop Security Vulnerability

Attackers are exploiting a vulnerability in PHPUnit to execute arbitrary code on servers running PrestaShop websites and gain complete control of the site. All versions prior to PHPUnit 7.5.19 and 8.5.1 are vulnerable. What can happen if an attacker gains access to your website? They can steal your data and that of your customers, damaging your integrity as a company and your results. It is therefore important to check, over FTP, whether your online store contains a directory called "phpunit", which is, as we have said, what makes the website vulnerable to this malware. PHPUnit is a development library and is not necessary for the normal operation of the website, so removing it is the best option to prevent the attack.

PHPUnit Vulnerability Checker Module

To check whether your website is vulnerable to these attacks, at Línea Gráfica we have developed a PHPUnit vulnerability checker module for PrestaShop 1.6 and 1.7. It analyzes all the files of this library (phpunit) and gives you the option to delete them permanently, putting an end to the potential threat. This task can be done manually, but if you have many modules it can be a very slow process, which is why we recommend using this new Línea Gráfica module. How does the PHPUnit vulnerability checker module work? It automatically scans all possible PrestaShop directories and all installed modules, looking for the PHPUnit library. After this search, it lists all the copies of the library it has found and gives you the option to delete them. It is important to note that this module is distributed free of charge. If no modules are found containing the "phpunit" folder, your store is not vulnerable to this type of attack.

Compromised online store

Even if you run this analysis and remove the directories that make your website vulnerable, your online store may already have been compromised. Most attackers place new files on the server or modify existing ones, and this is how you can check whether your website is being or has been attacked. Check carefully that the attacker has not left any files on the server. From the article published by PrestaShop on this security vulnerability, we highlight the following list of problematic files that a compromised online store may contain:
  • XsamXadoo_Bot.php
  • XsamXadoo_deface.php
  • 0x666.php
  • f.php
  • Xsam_Xadoo.html
If in doubt, change the passwords of all administrative users on your store and consider asking your customers to do the same, but remember to check first via our PHPUnit vulnerability checker module that there are no compromised files on the store to avoid a new attack.
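An added example, not part of the original article or of the Línea Gráfica module: a read-only Python script covering the two checks described above, finding every "phpunit" directory in the store and its modules and looking for the file names listed for a compromised store. The function names and the directory layout built by `build_sample_store` are assumptions made for illustration.

```python
import os
import tempfile

# File names the article lists as signs of a compromised store (lower-cased).
# "f.php" is a generic name: a hit is a file to review, not proof of compromise.
IOC_NAMES = {"xsamxadoo_bot.php", "xsamxadoo_deface.php", "0x666.php",
             "f.php", "xsam_xadoo.html"}

def scan_store(root):
    """Walk a PrestaShop tree; return (phpunit_dirs, ioc_files) as sorted
    lists of paths relative to root. Read-only: nothing is deleted."""
    phpunit_dirs, ioc_files = [], []
    # followlinks=False: do not wander outside the store through symlinks.
    for current, dirs, files in os.walk(root, followlinks=False):
        for d in list(dirs):
            if d.lower() == "phpunit":
                phpunit_dirs.append(os.path.relpath(os.path.join(current, d), root))
                dirs.remove(d)  # whole directory is flagged; skip its contents
        for f in files:
            if f.lower() in IOC_NAMES:
                ioc_files.append(os.path.relpath(os.path.join(current, f), root))
    return sorted(phpunit_dirs), sorted(ioc_files)

def owning_module(rel_path):
    """Name the module a finding belongs to, or 'core' if outside modules/."""
    parts = rel_path.split(os.sep)
    return parts[1] if len(parts) > 2 and parts[0] == "modules" else "core"

def build_sample_store(root):
    """Constructed sample tree (hypothetical layout) so the example runs offline."""
    for d in ("vendor/phpunit/phpunit/src",
              "modules/examplemodule/vendor/phpunit/phpunit",
              "modules/cleanmodule/views"):
        os.makedirs(os.path.join(root, *d.split("/")))
    for f in ("index.php", "modules/cleanmodule/views/f.php",
              "XsamXadoo_Bot.php"):
        open(os.path.join(root, *f.split("/")), "w").close()

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as store:
        build_sample_store(store)
        found_dirs, found_files = scan_store(store)
        for path in found_dirs:
            print(f"phpunit directory [{owning_module(path)}]: {path}")
        for path in found_files:
            print(f"suspicious file   [{owning_module(path)}]: {path}")
```

To scan a real store, call `scan_store` with the path to the store's root directory.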

Affected PrestaShop Modules

According to the PrestaShop article mentioned earlier, several modules are affected by this vulnerability:
  • 1-Click Update: Versions 4.0 beta and later
  • Cart Abandonment Pro: Versions 2.0.1 ~ 2.0.2
  • Faceted Search: Versions 2.2.1 ~ 3.0.0
  • Merchant Experience: Versions 2.1.0 and later
  • PrestaShop Checkout: Versions 1.0.8 ~ 1.0.9
PrestaShop has released new versions of the affected modules that completely remove the library this vulnerability is related to: v4.10.1, v2.0.10, v3.4.1, v2.3.2 and v1.2.9, respectively, following the order of the list above. Remember, however, that if you have ever installed one of the earlier compromised versions, the PHPUnit files are probably still on your server. Installing the updated versions is not enough, so it is important to delete those files.

PrestaShop Security Actions

In light of this situation, PrestaShop has taken various actions regarding this vulnerability. All partners have been informed and should have thoroughly secured the stores they control. In addition, the affected modules have been updated to make them secure, as we saw in the previous point. PrestaShop is checking all modules to determine whether they contain the vulnerable "phpunit" folder. The security of your store is our top priority, and we help you reduce the impact and threat of malware. Take a look at the rest of the PrestaShop modules that we provide at Línea Gráfica and keep threats away from your website. In addition, you will be able to improve your options as an online store.