Updated on 09/01/2020, 10 h 20
Dear PrestaShop user,
On January 2nd, malware named XsamXadoo Bot was discovered. This malware can be used to gain access to an online store and take control of it.
We now believe that the bot used a known vulnerability of the PHP tool PHPUnit that has been reported as CVE-2017-9841.
Here is what you need to do. It should take only 5 minutes.
Is my website vulnerable?
If you’re uncomfortable managing files on your server, contact a qualified team member. To find out whether your store is vulnerable to an attack, follow these steps:
- On your server, look into the Vendor folder at the root level of your PrestaShop website
- If the Vendor folder contains a “phpunit” folder, you may be vulnerable to an outside attacker.
- You can now simply delete the “phpunit” folder and its content.
Once you have checked the main PrestaShop folder, repeat the same steps inside each module folder:
- In each module folder, check if there is a Vendor folder
- Inside the Vendor folder of each module, check if there is a folder named “phpunit”.
- If one module folder contains this “phpunit” folder, this module may make you vulnerable to an outside attacker.
- You can simply delete the “phpunit” folder.
Double-check that no module Vendor folder contains a “phpunit” folder. You should not delete anything else.
Deleting the “phpunit” folder will not affect module behavior. This simple step will protect your online store from this vulnerability, but remember that your website may have already been compromised.
→ If you did not find any module containing this phpunit folder, your store is not vulnerable.
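The manual check above can also be scripted. The following is an added example, not PrestaShop's own tooling: it assumes the usual layout (a vendor folder at the shop root and one inside each folder under modules), and the script name check_phpunit.sh is hypothetical.

```shell
#!/bin/sh
# Added example (not PrestaShop's code). Assumes the usual layout:
#   <shop>/vendor  and  <shop>/modules/<module>/vendor

# Print each "phpunit" folder sitting directly inside the shop's vendor
# folder or inside any module's vendor folder, one path per line.
find_phpunit_dirs() {
    root=${1:-.}
    for vendor in "$root"/vendor "$root"/modules/*/vendor; do
        [ -d "$vendor" ] || continue
        # -iname also catches spellings such as "PHPUnit"; depth 1 only,
        # so nothing else inside vendor is considered.
        find "$vendor" -mindepth 1 -maxdepth 1 -type d -iname phpunit
    done
}

# Delete only the folders reported above, as the advisory instructs.
remove_phpunit_dirs() {
    find_phpunit_dirs "$1" | while IFS= read -r dir; do
        rm -rf -- "$dir" && printf 'removed %s\n' "$dir"
    done
}

# Usage: sh check_phpunit.sh /path/to/shop [--delete]
if [ -n "${1:-}" ]; then
    found=$(find_phpunit_dirs "$1")
    if [ -z "$found" ]; then
        echo "no phpunit folder found under $1"
    else
        printf 'phpunit folder(s) found:\n%s\n' "$found"
        if [ "${2:-}" = "--delete" ]; then
            remove_phpunit_dirs "$1"
        fi
    fi
fi
```

Run it without --delete first to review the list, then again with --delete to remove exactly those folders.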
For more technically detailed instructions, please visit our dedicated post.
What can happen if my store is compromised?
This vulnerability gives an attacker access to your website. For instance, an attacker can potentially steal your data.
For more information, please visit our dedicated post on this matter.
What is PrestaShop doing right now about this vulnerability?
All PrestaShop agency partners and ambassadors have been informed and should have already secured the shops they have control over.
All the PrestaShop modules have been updated and are now safe. We are also currently checking every other module available on PrestaShop Addons to see if they contain the vulnerable “phpunit” folder.
If you believe your website has already been compromised, we strongly advise you to contact a security expert.
The security of online stores is at the center of PrestaShop’s concerns. Our teams are making sure the impact of this malware will be as small as possible. We will of course keep you updated regularly on this matter.