Adobe Commerce and Magento stores are under attack by dangerous malware
Some of the world’s most popular e-commerce platforms contain vulnerabilities that could allow threat actors to remotely execute code, deploy malware and even steal customer payment information, experts warn.
Numerous websites using Adobe Commerce and Magento platforms have already been compromised, including heavyweights such as Ray Ban, National Geographic, Cisco, Whirlpool and Segway, cybersecurity researchers Sansec claim.
They claim that around 5% of all websites powered by these platforms have already been compromised through the vulnerability, dubbed ‘CosmicSting’, with up to five new ones being added every hour, in what they say is the ‘worst bug’ affecting the two platforms in years.
Errors in the chain
The vulnerability, tracked as CVE-2024-34102 with a severity rating of 9.8/10 (critical), is described as an “improper restriction of the XML external entity reference (XXE).”
The patch for the bug was released in June 2024, while CISA added it to its KEV catalog in July. However, newer attacks, observed as of August, chained CosmicSting with a vulnerability called CNEXT, tracked as CVE-2024-2961. Together, these two bugs give attackers the ability to remotely execute code and essentially take over the entire system.
The researchers identified at least seven groups that exploited these vulnerabilities. The groups are not exactly household names in the cybercriminal community: Bobry, Polyovki, Surki, Burunduki, Ondatry, Khomyaki and Belki. Regardless of their status, they are still a formidable foe, as at least one has used CosmicSting with CNEXT to deliver skimmer malware to victim websites.
Skimmers work by stealing payment information during the checkout process and sending it to the attackers. Scammers can sell the credit card information on the black market or use it to fund additional campaigns. Every now and then we see ad campaigns on Google, Facebook and elsewhere promoting malicious websites and programs, and the majority of those campaigns are funded this way.
“Merchants are strongly encouraged to upgrade to the latest version of Magento or Adobe Commerce,” Sansec said. “They should also rotate secret encryption keys and ensure that old keys are invalidated.”
Via The HackerNews