Magecart attackers have a new trick: stashing persistent backdoors inside e-commerce websites that are capable of pushing malware automatically.
According to researchers at Sansec, the threat actors are exploiting a critical command injection vulnerability in the Adobe Magento e-commerce platform (CVE-2024-20720, CVSS score of 9.1), which allows arbitrary code execution without user interaction.
The executed code is a “cleverly crafted layout template” in the layout_update database table, which contains XML shell code that automatically injects malware into compromised sites via the controller for the Magento content management system (CMS).
“Attackers combine the Magento layout parser with the beberlei/assert package (installed by default) to execute system commands,” Sansec said in an alert. “Because the layout block is tied to the checkout cart, this command is executed whenever <store>/checkout/cart is requested.”
Sansec observed Magecart (a long-running umbrella organization for cybercrime groups that skim payment card data from e-commerce sites) using this technique to inject a Stripe payment skimmer, which captures and exfiltrates payment data to an attacker-controlled site.
Adobe resolved the security bug in February in both Adobe Commerce and Magento, so e-tailers should upgrade their versions to 2.4.6-p4, 2.4.5-p6, or 2.4.4-p7 to be protected from the threat.
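Because the backdoor lives in the database, it survives an upgrade, so the layout_update table is worth reviewing as well. The sketch below is an added example, not code from Sansec or Adobe: it flags rows whose XML references beberlei/assert or command execution and ranks cart-page rows first. The `xml` and `handle` column names, the `checkout_cart_index` handle, the indicator patterns, and the in-memory SQLite stand-in with constructed rows are assumptions to adapt to a real store database.

```python
import re
import sqlite3

# Heuristic indicators (assumptions, tune per store): the article names the
# beberlei/assert package (PHP namespace "Assert\") and system command execution.
INDICATORS = {
    "beberlei/assert reference": re.compile(r"beberlei|\bAssert\\", re.I),
    "command execution token": re.compile(
        r"\b(system|shell_exec|passthru|proc_open|popen)\b", re.I),
}
CART_HANDLE = "checkout_cart_index"  # assumed handle behind <store>/checkout/cart


def scan_layout_updates(conn):
    """Return findings for layout_update rows whose XML matches an indicator."""
    findings = []
    rows = conn.execute("SELECT layout_update_id, handle, xml FROM layout_update")
    for row_id, handle, xml in rows:
        hits = [name for name, rx in INDICATORS.items() if rx.search(xml or "")]
        if hits:
            findings.append({"id": row_id, "handle": handle, "indicators": hits,
                             "on_cart": handle == CART_HANDLE})
    # Cart-page rows first: per the article, those run on every cart request.
    return sorted(findings, key=lambda f: (not f["on_cart"], f["id"]))


def build_sample_db():
    """In-memory stand-in for the Magento table, filled with constructed rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE layout_update (layout_update_id INTEGER PRIMARY KEY,"
                 " handle TEXT, xml TEXT)")
    conn.executemany("INSERT INTO layout_update VALUES (?, ?, ?)", [
        (1, "cms_index_index", '<referenceContainer name="content"/>'),
        # Constructed suspicious row: placeholders only, not a working payload.
        (2, CART_HANDLE, '<block class="Example"><argument>'
                         'Assert\\PLACEHOLDER system PLACEHOLDER</argument></block>'),
        (3, "catalog_product_view", '<block name="design_system_banner"/>'),
        (4, "default", None),  # NULL xml must not crash the scan
    ])
    return conn


if __name__ == "__main__":
    for finding in scan_layout_updates(build_sample_db()):
        print(finding)
```

Any hit is a prompt for manual review of that row, not proof of compromise; legitimate layout updates rarely need either indicator.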