Cybercriminals have been found exploiting a serious flaw in Magento (the well-known e-commerce platform owned by Adobe) to insert a persistent backdoor into e-commerce websites.
What Adobe says about this flaw in its Magento platform
The attack exploits CVE-2024-20720 (CVSS score: 9.1), which Adobe described as a case of “improper neutralization of special elements” that could pave the way for unauthorized execution of potentially malicious code.
This flaw was (fortunately) later fixed by the company as part of the security updates released on February 13, 2024.
Sansec said it had discovered an “ingeniously designed template layout in database” that is used to automatically inject malicious code and execute commands with malicious effects.
“Attackers combine the Magento layout parser with the beberlei/assert package (installed by default) to run system commands,” the company said, adding: “Since the layout block is tied to the checkout cart, this command is executed whenever /checkout/cart is requested.”
The command in question is sed, which is used to insert a backdoor for malicious code execution; that backdoor is then responsible for delivering a Stripe payment-gateway skimmer that captures and exfiltrates financial information to another compromised Magento store.
The development comes as the Russian government accused six people of using skimmer malware to steal credit card and payment information from foreign e-commerce stores since at least late 2017.
The suspects are Denis Priymachenko, Alexander Aseyev, Alexander Basov, Dmitry Kolpakov, Vladislav Patyuk and Anton Tolmachev; Recorded Future News has reported that the arrests were made a year ago, citing court documents.
“As a result, members of the hacker group illegally got hold of information on almost 160 thousand payment cards of foreign citizens, then they sold them through shadowy websites,” said the Office of the Prosecutor General of the Russian Federation.
How to protect yourself if you have an account on Magento and other similar platforms
Given the serious vulnerability discovered in Magento and its possible implications for the security of e-commerce websites, users who have an account on Magento should immediately take measures to protect their data and their site. Some recommended actions follow.
System update
Make sure you have installed the latest security updates released by Magento; these updates often include patches that fix vulnerabilities like the one described.
Site analysis
Conduct a thorough scan of your website for any signs of compromise or presence of malicious code; this can be done using specialized security tools or through the assistance of cybersecurity experts.
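One concrete way to carry out the site analysis step against the attack chain described above (a malicious layout stored in the database, tied to the checkout cart, reaching beberlei/assert and a sed command) is to triage the rows of Magento's layout_update table for those indicators. The script below is an added example, not Sansec's, Adobe's or the Magento project's code. It assumes the table has been exported as (layout_update_id, handle, xml) tuples, and the indicator list is an assumed, non-exhaustive set drawn from the report (the Assert\Assertion namespace is the one provided by the beberlei/assert package). The sample rows are constructed: the "malicious" row carries only the indicator strings, not a working payload, and the third row is deliberately malformed to show that unparseable layout XML is itself worth a review.

```python
import re
import xml.etree.ElementTree as ET

# Indicator patterns (assumed, non-exhaustive). Assert\Assertion is the namespace of the
# beberlei/assert package named in the report; the shell tokens cover the sed command the
# report describes plus common PHP command-execution functions.
ASSERT_PATTERN = re.compile(r"Assert\\Assertion|beberlei", re.IGNORECASE)
SHELL_PATTERN = re.compile(
    r"\b(sed|system|shell_exec|passthru|exec|popen|proc_open|base64_decode)\b|/bin/(?:ba)?sh"
)
CHECKOUT_PATTERN = re.compile(r"checkout_cart", re.IGNORECASE)

# Constructed sample export of the layout_update table: (layout_update_id, handle, xml).
# Row 1 is a benign theme tweak; row 2 carries the indicator strings only (it is not a
# working payload); row 3 is malformed XML.
SAMPLE_ROWS = [
    (1, "cms_index_index",
     '<layout xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">'
     '<referenceContainer name="content"><block class="Magento\\Framework\\View\\Element\\Template" '
     'name="promo.banner" template="Magento_Theme::html/banner.phtml"/></referenceContainer></layout>'),
    (2, "checkout_cart_index",
     '<layout xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">'
     '<referenceContainer name="content"><block class="Magento\\Framework\\View\\Element\\Template" '
     'name="constructed.indicator"><argument name="note" xsi:type="string">'
     'Assert\\Assertion sed -i</argument></block></referenceContainer></layout>'),
    (3, "checkout_cart_index", "<layout><block name='broken'"),
]


def _collect_strings(root):
    """Yield every attribute value and non-empty text node in the layout tree."""
    for element in root.iter():
        yield from element.attrib.values()
        if element.text and element.text.strip():
            yield element.text.strip()


def scan_layout_row(handle, xml_text):
    """Return the list of indicator names triggered by one layout_update row."""
    indicators = []
    if CHECKOUT_PATTERN.search(handle):
        # Context only: legitimate stores customise the cart too, so this never
        # flags a row on its own (see scan_layout_rows).
        indicators.append("handle bound to checkout cart")
    try:
        root = ET.fromstring(xml_text)
    except ET.ParseError:
        # A row Magento cannot render cleanly still deserves a human look;
        # fall back to scanning the raw text for indicators.
        indicators.append("unparseable layout XML")
        strings = [xml_text]
    else:
        strings = list(_collect_strings(root))
    joined = "\n".join(strings)
    if ASSERT_PATTERN.search(joined):
        indicators.append("references beberlei/assert (Assert\\Assertion)")
    if SHELL_PATTERN.search(joined):
        indicators.append("contains shell/command-execution tokens")
    return indicators


def scan_layout_rows(rows):
    """Scan (id, handle, xml) rows; return {row_id: indicators} for rows that need review.

    A row is reported only when it has at least one strong indicator; the checkout
    handle alone merely adds context to a row that is reported for another reason.
    """
    findings = {}
    for row_id, handle, xml_text in rows:
        hits = scan_layout_row(handle, xml_text)
        strong = [h for h in hits if not h.startswith("handle bound")]
        if strong:
            findings[row_id] = hits
    return findings


if __name__ == "__main__":
    for row_id, hits in scan_layout_rows(SAMPLE_ROWS).items():
        print(f"layout_update {row_id}: " + "; ".join(hits))
```

In practice the rows would come from a read-only query such as `SELECT layout_update_id, handle, xml FROM layout_update` run against a copy of the database, and every reported row should be compared with the theme's version-controlled layout files before anything is deleted: the script is a triage aid that narrows the review, not a verdict, and a store that has been compromised this way should also be checked for the sed-inserted backdoor in its PHP files and for the skimmer on its checkout pages.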
Credential fortification
Change your Magento account login passwords immediately and use strong, unique passwords to reduce the risk of unauthorized access.
Transaction monitoring
Pay particular attention to financial transactions and money movements on your site; any suspicious activity should be reported and investigated immediately.
Additional security implementation
Consider implementing additional security measures such as two-factor authentication for Magento account access, a web application firewall and malware filters to protect the site from future attacks.
Regular backups
Make regular backups of your website data and store secure copies in a separate location; these can be used to restore the site in the event of compromise or data loss.
Staff training
Ensure that all staff involved in managing the website are informed of security best practices and aware of the risks associated with cyber attacks. Taking these measures promptly can help reduce the risk of site compromise and protect sensitive user data and financial transactions.