cancel
Showing results for 
Search instead for 
Did you mean: 

Your site is compromised with injected JavaScript malware.

Your site is compromised with injected JavaScript malware.

Hello everybody,

 

we have a Magento site running 1.9.4.1 version and we are facing two FAILs on the Magento Security Scan that are driving me crazy.

 

The first one is telling us the following:

 

fail
Compromise
Magento Compromise Injection
Your site is compromised with injected JavaScript malware. (40)
Malicious code signature(s) have been found in these resources:
XXX/skin/frontend/indicator/default/dist/js/main.min.js

This main.min.js file is created with gulp with the required JS files that we need. I checked it in all ways and it doesn't have any kind of malware, but the scan fails anyway each time.

 

Also we have this another fail:

fail
Patch
Magento SUPEE 5994
SUPEE-5994 - Failed.
Admin login screen detected (APPSEC-977)
Admin login screen detected (APPSEC-977)

 

But this patch is already installed and we are running a Magento Version much higher right now. I sent an email the past week to security@magento.com so they can help me find what it's going on, but I didn't get any response. Could you help me to solve this?

 

Thank you!

@msavich

4 REPLIES 4

Re: Your site is compromised with injected JavaScript malware.

Sure, @findicator 
Please send me the store URLs you have a problems with in PM.

Re: Your site is compromised with injected JavaScript malware.

Hello, I tried to send you a new PM but I got the following error:

 

And I only sent 2 PMs in all the time that I used the forums.

 

So, the issue is that you find out that the JS error was a false positive and the scan passed correctly but until yesterday, that the scan shows again the following error:

 

Hello msavich! Sorry to disturb you again but yesterday we reiceved a new "Critical Issue Detected" and it's again:


Magento Compromise Injection
Your site is compromised with injected JavaScript malware. (46)
Malicious code signature(s) have been found in these resources:
.../skin/frontend/indicator/default/dist/js/main.min.js

 

Could you check it? We didn't change anything and I didn't find malicious code on this JS. Maybe its a falsepositive again? You can find the site on my previous PMs as I can't send you a new one.

 

Thank you!

Re: Your site is compromised with injected JavaScript malware.

Hello @findicator 

Yes it is a false positive... again...

Since we constantly monitor a new malware code that appears 'in the wild' and add the logic to detect it, sometimes it cause a false positives.

Please expect the fix to become live next Thursday around noon (Central Time).

Re: Your site is compromised with injected JavaScript malware.

I am having a similar issue with a site I'm working on. The scan is showing an injection located on a different domain than what I'm scanning and I'm unable to see where that redirect is being generated from.