Magecart Attackers Pioneer Persistent E-Commerce Backdoor

Published: 23/11/2024   Category: security




The infamous payment-skimmer cybercrime organization is exploiting CVE-2024-20720 in Magento for a novel approach to stealing card data.



Magecart attackers have a new trick: stashing persistent backdoors inside e-commerce websites, where they can push malware automatically.
According to researchers at Sansec, the threat actors are exploiting a critical command injection vulnerability in the Adobe Magento e-commerce platform (CVE-2024-20720, CVSS score of 9.1), which allows arbitrary code execution without user interaction.
The executed code is a cleverly crafted layout template in the layout_update database table, which contains XML shell code that automatically injects malware into compromised sites via the controller for the Magento content management system (CMS).
Attackers combine the Magento layout parser with the beberlei/assert package (installed by default) to execute system commands, Sansec said in an alert. Because the layout block is tied to the checkout cart, this command is executed whenever /checkout/cart is requested.
Sansec observed Magecart (a long-running umbrella organization for cybercrime groups that skim payment card data from e-commerce sites) using this technique to inject a Stripe payment skimmer, which captures and exfiltrates payment data to an attacker-controlled site.
Adobe resolved the security bug in February in both Adobe Commerce and Magento, so e-tailers should upgrade their versions to 2.4.6-p4, 2.4.5-p6, or 2.4.4-p7 to be protected from the threat.
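
Because the backdoor lives in the layout_update table rather than in files on disk, patching alone does not remove it, and the table itself needs a review. The following is an added example, not code from Sansec or Adobe: a Python audit over exported layout_update rows. The column names (layout_update_id, handle, xml), the checkout_cart_index handle, and the indicator patterns are assumptions of this sketch, and the sample rows are constructed.

```python
import re
import xml.etree.ElementTree as ET

# Heuristic indicators (assumptions of this example, not a vendor signature).
ASSERT_NS = re.compile(r"(?<![A-Za-z0-9_])Assert\\", re.I)  # beberlei/assert PHP namespace
SHELL_HINT = re.compile(r"\b(?:sh|bash|curl|wget|base64|system|passthru|shell_exec|proc_open)\b", re.I)
CART_HANDLE = "checkout_cart_index"  # layout handle assumed to serve /checkout/cart

def _strings(elem):
    """Yield every attribute value and non-empty text node under elem."""
    for node in elem.iter():
        yield from node.attrib.values()
        if node.text and node.text.strip():
            yield node.text.strip()

def audit_layout_rows(rows):
    """Return (layout_update_id, handle, reasons) for each suspicious row."""
    findings = []
    for row in rows:
        body, reasons = row["xml"] or "", []
        if "<!DOCTYPE" in body or "<!ENTITY" in body:
            reasons.append("dtd-or-entity")  # flag, and never hand these to the parser
        else:
            try:
                root = ET.fromstring(f"<root>{body}</root>")  # rows hold XML fragments
                values = list(_strings(root))
            except ET.ParseError:
                reasons.append("unparseable-xml")
                values = [body]  # fall back to scanning the raw text
            if any(ASSERT_NS.search(v) for v in values):
                reasons.append("assert-namespace")
            if any(SHELL_HINT.search(v) for v in values):
                reasons.append("shell-hint")
        if reasons and row["handle"] == CART_HANDLE:
            reasons.append("cart-handle")  # would run on every cart request
        if reasons:
            findings.append((row["layout_update_id"], row["handle"], reasons))
    return findings

# Constructed sample rows; the second is a non-functional placeholder.
SAMPLE_ROWS = [
    {"layout_update_id": 1, "handle": "cms_index_index",
     "xml": '<referenceContainer name="content"><block class="Magento\\Cms\\Block\\Block" name="promo"/></referenceContainer>'},
    {"layout_update_id": 2, "handle": "checkout_cart_index",
     "xml": '<block class="Example\\Placeholder" name="x"><arguments><argument name="a">Assert\\PLACEHOLDER</argument><argument name="b">sh -c PLACEHOLDER</argument></arguments></block>'},
]
```

Any row this flags should be reviewed by hand against known-good theme and CMS changes; the patterns are deliberately broad and will produce false positives.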
