Watch out for new patch from Magento — hackers are at it again.
Attackers are still trying to find Magento installations that haven’t patched a particularly bad vulnerability, this time trying to trick people into downloading a fake patch.
The bogus patch purports to fix a flaw known as the Shoplift Bug, or SUPEE-5344, wrote Denis Sinegubko, a senior malware researcher with Sucuri.
“While the patch was released February 2015, many sites unfortunately did not update,” he wrote. “This gave hackers an opportunity to compromise thousands of Magento powered online stores.”