Be aware of update.magento.center

Another security relevant topic for this year with domain update.magento.center! This domain hosts a phishing campaign and malware. It is not related to any officially Magento site and it is dangerous to log in.

Be aware of update.magento.center

At the end of 2018 it is again to publish a warning about a dangerous website using a Magento domain. update.magento.center is not an official Magento site. I got a warning on Twitter about this site and wanted to analyze it. I installed a virtual Linux system to visit this site (I do not to harm my Windows 10 system). On Firefox and Debian this site looks broken, I suppose that on a Windows system and another browser you may see animations or slideshows. The site itself is in French, English and Arabic. Title says something about data protection and it appears to be a business website.

Danger!

Nothing on this website relates to Magento – only the domain. It appears that someone change domain after creation of this website. It is possible a real business website that was hacked (anyone has more details?). Fact is, that it does not protect any data!

Watch out

As Magento user and developer you may get mails and spamware to give away user data or any security related data like logins. Do not do that. Magento will never ask you about customer login data. Patch your shops regularly (see my articles about new Magento patches) and change admin passwords if you think it is needed. Do not give it away to external “support”. If someone external needs access, create a new user and delete it if all work is done.

Conclusion

Again a website that hosts malware and phishing data forms. Do not trust in domains, that are not official Magento domains. magento.center is not official, Magento would host new services on their magento.com domain. Always check twice if you are visiting a magento Website. All new domain endings like .center are suspicious.