GuruInc JavaScript attack on Magento stores

Security company Sucuri have just announced that they are seeing an increased attack on Magento stores. The attack is in the form of hackers injecting malicious scripts that produce iFrames from the website "guruincsite[.]com".

To find out if your Magento store has been attacked and, if so, how to fix this security issue get in touch right away and the request will be given a high priority. Alternatively if you would prefer to run a quick check yourself then you can do so by entering your URL at

The Magento Team Added

Your site may be at risk. Take action today.

We are investigating reports of Magento sites being targeted by Guruincsite malware (Neutrino exploit kit). We have not identified a new attack vector at this time, but have found that nearly all impacted sites checked so far were vulnerable to a previously identified code execution issue for which we released a patch in early 2015; sites not vulnerable to that issue show other unpatched issues. The malware can also take advantage of situations where an administrative account has been compromised through weak passwords, phishing, or any other unpatched vulnerability that allows for administrative access, so it is important to check for fake user accounts and for leftover demo accounts.

Magento merchants are advised to follow best practices to ensure the security of their sites as well as:

More information as available will be posted at

Best regards,
The Magento Team