Critical Magento Vulnerability Enables Payment Data Theft on E-commerce Sites

Magento Exploit Allows Hackers to Inject Persistent Backdoor into E-commerce Sites

In a concerning development, threat actors have exploited a critical vulnerability in Magento, enabling them to implant a persistent backdoor within e-commerce websites. The flaw in question, identified as CVE-2024-20720 with a high CVSS score of 9.1, involves an “improper neutralization of special elements,” potentially leading to arbitrary code execution. Adobe promptly addressed this issue through security updates released on February 13, 2024.

Sansec, a cybersecurity firm, made a significant discovery: a meticulously designed layout template residing in the database. This template is being weaponized to automatically inject malicious code, granting attackers the ability to execute arbitrary commands. Notably, the attackers cleverly combine the Magento layout parser with the beberlei/assert package (which comes pre-installed) to carry out system-level commands.

Website owners and administrators should promptly apply the necessary patches to safeguard their e-commerce platforms against this critical vulnerability.

Russian Hackers Exploit Magento Vulnerability to Steal Payment Data

In a concerning development, cybercriminals have leveraged a critical flaw in Magento, allowing them to inject a persistent backdoor into e-commerce sites. The vulnerability, identified as CVE-2024-20720 with a high CVSS score of 9.1, arises from “improper neutralization of special elements,” potentially enabling arbitrary code execution. Adobe promptly addressed this issue through security updates released on February 13, 2024.

The attack method involves a cleverly crafted layout template within the database, which automatically injects malicious code upon requesting the <store>/checkout/cart page. The injected command, executed via the sed utility, establishes a code execution backdoor responsible for deploying a Stripe payment skimmer. This skimmer stealthily captures and exfiltrates financial information to another compromised Magento store.
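As a defensive illustration of the two points above (a layout template stored in the database, and the layout parser combined with the assert package and a sed command), here is an added Python example, not code from the article or from Sansec. It scans rows shaped like Magento's layout_update table (the column names used here are an assumption) for those indicators; the sample rows are constructed, not real captures.

```python
import re
import xml.etree.ElementTree as ET
from typing import Dict, Iterable, List

# Indicators taken from the write-up: the beberlei/assert package (PHP namespace
# "Assert\") being reached through the layout parser, and a sed command used to
# drop the backdoor. Keep the list small to limit false positives on real themes.
SUSPICIOUS_CLASS = re.compile(r"\bAssert\\|\bassert\b", re.IGNORECASE)
SUSPICIOUS_TEXT = re.compile(r"\bsed\b|\bassert\b", re.IGNORECASE)

# Layout fragments use the xsi prefix, so wrap them in a root that declares it.
WRAP_OPEN = '<wrap xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">'


def scan_layout_xml(xml_text: str) -> List[str]:
    """Return findings for one layout-update XML fragment (empty list = clean)."""
    findings: List[str] = []
    try:
        root = ET.fromstring(f"{WRAP_OPEN}{xml_text}</wrap>")
    except ET.ParseError as exc:
        return [f"unparseable layout XML ({exc})"]
    for el in root.iter():
        cls = el.get("class", "")
        if SUSPICIOUS_CLASS.search(cls):
            findings.append(f"block class references assert library: {cls}")
        # action/argument bodies are where a command string would have to live
        text = (el.text or "").strip()
        if text and SUSPICIOUS_TEXT.search(text):
            findings.append(f"<{el.tag}> body contains command-like text: {text[:60]}")
    return findings


def scan_layout_updates(rows: Iterable[Dict]) -> Dict[int, List[str]]:
    """rows: dicts with layout_update_id, handle and xml keys (assumed column
    names). Returns {layout_update_id: findings} for rows that hit."""
    hits: Dict[int, List[str]] = {}
    for row in rows:
        findings = scan_layout_xml(row["xml"])
        if findings:
            hits[row["layout_update_id"]] = findings
    return hits


# Constructed sample rows: one benign theme tweak, one modelling the pattern
# the article describes (a block on the cart page pointing at the assert package).
SAMPLE_ROWS = [
    {"layout_update_id": 1, "handle": "default",
     "xml": '<referenceBlock name="footer_links"><action method="setTemplate">'
            '<argument name="template" xsi:type="string">Magento_Theme::html/footer.phtml'
            '</argument></action></referenceBlock>'},
    {"layout_update_id": 2, "handle": "checkout_cart_index",
     "xml": '<block class="Assert\\Assertion" name="x"><action method="string">'
            '<argument xsi:type="string">sed -i ...</argument></action></block>'},
]
```

Run it against a dump of the table after patching; any row that hits should be reviewed by hand and removed, since a template like this survives the upgrade itself.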

Notably, the Russian government has recently charged six individuals—Denis Priymachenko, Alexander Aseyev, Alexander Basov, Dmitry Kolpakov, Vladislav Patyuk, and Anton Tolmachev—for their involvement in using skimmer malware to pilfer credit card and payment data from foreign e-commerce platforms since late 2017. These suspects allegedly obtained information from nearly 160,000 payment cards and subsequently sold it through shadow internet channels, as reported by the Prosecutor General’s Office of the Russian Federation.


Sophia is passionate about Digital Marketing, E-commerce, and travel. She also likes photography and writing interesting articles.