"Magento Stores Targeted in Massive Surge of TrojanOrders Attacks"

At least seven hacking groups are responsible for a massive increase in 'TrojanOrders' attacks against Magento 2 websites, which exploit a vulnerability that allows threat actors to compromise vulnerable servers. Sansec, a website security firm, warned that the attacks are targeting nearly 40 percent of Magento 2 websites, with hacking groups fighting for control of an infected site. During a busy Black Friday and Cyber Monday period, these attacks are used to inject malicious JavaScript code into an online store's website, causing significant business disruption and massive customer credit card theft. The trend is expected to continue as we approach Christmas, when online retailers are at their most critical and vulnerable.

The TrojanOrders attack exploits a critical Magento 2 vulnerability, tracked as CVE-2022-24086, which allows unauthenticated attackers to execute code and inject Remote Access Trojans (RATs) on unpatched websites. Adobe patched this flaw in February 2022, but Sansec says many Magento sites have remained unpatched. According to Sansec, at least a third of all Magento and Adobe Commerce stores have not yet been patched.

Hackers typically create an account on the target website and place an order containing malicious template code in the name, VAT, or other fields when conducting TrojanOrders attacks. Once on the website, the attackers install a RAT to gain persistent access and the ability to perform more complex actions. This article continues to discuss findings regarding the increase in TrojanOrders attacks targeting Magento 2 websites.

Bleeping Computer reports "Magento Stores Targeted in Massive Surge of TrojanOrders Attacks"

Submitted by Anonymous on