Hackers Exploit Magento Bug

"Threat actors have been found exploiting a critical flaw in Magento to inject a persistent backdoor into e-commerce websites.

The attack leverages CVE-2024-20720 (CVSS score: 9.1), which has been described by Adobe as a case of ""improper neutralization of special elements"" that could pave the way for arbitrary code execution.

It was addressed by the company as part of security updates released on February 13, 2024.

Sansec said it discovered a ""cleverly crafted layout template in the database"" that's being used to automatically inject malicious code to execute arbitrary commands.

""Attackers combine the Magento layout parser with the beberlei/assert package (installed by default) to execute system commands,"" the company said.

""Because the layout block is tied to the checkout cart, this command is executed whenever /checkout/cart is requested.""

The command in question is sed, which is used to insert a code execution backdoor that's then responsible for delivering a Stripe payment skimmer to capture and exfiltrate financial information to another compromised Magento store.

The development comes as the Russian government has charged six people for using skimmer malware to steal credit card and payment information from foreign e-commerce stores at least since late 2017.

The suspects are Denis Priymachenko, Alexander Aseyev, Alexander Basov, Dmitry Kolpakov, Vladislav Patyuk, and Anton Tolmachev. Recorded Future News reported that the arrests were made a year ago, citing court documents.

""As a result, members of the hacker group illegally took possession of information about almost 160 thousand payment cards of foreign citizens, after which they sold them through shadow internet sites,"" the Prosecutor General's Office of the Russian Federation said.

In Vietnam, many eCommerce sites are targets of this attack, including eCommerce sites operated by IPP Group, a major luxury retailer."

Author

AiUTOMATING PEOPLE, ABN ASIA was founded by people with deep roots in academia, with work experience in the US, Holland, Hungary, Japan, South Korea, Singapore, and Vietnam. ABN Asia is where academia and technology meet opportunity. With our cutting-edge solutions and competent software development services, we're helping businesses level up and take on the global scene. Our commitment: Faster. Better. More reliable. In most cases: Cheaper as well.

Feel free to reach out to us whenever you require IT services, digital consulting, off-the-shelf software solutions, or if you'd like to send us requests for proposals (RFPs). You can contact us at [email protected]. We're ready to assist you with all your technology needs.

© ABN ASIA