"Magecart Attackers Pioneer Persistent E-Commerce Backdoor"

Magecart attackers are stashing persistent backdoors within e-commerce websites that can automatically push malware. According to Sansec researchers, the threat actors are exploiting a critical command injection vulnerability, tracked as CVE-2024-20720 with a CVSS score of 9.1, in the Adobe Magento e-commerce platform. It enables arbitrary code execution without user interaction. The executed code is said to be a "cleverly crafted layout template" in the layout_update database table, which has XML shell code that automatically injects malware into compromised sites through the Magento Content Management System's (CMS) controller. This article continues to discuss the payment-skimmer cybercrime organization's exploitation of a vulnerability in Magento to carry out a novel approach to stealing card data.

Dark Reading reports "Magecart Attackers Pioneer Persistent E-Commerce Backdoor"

Submitted by grigby1