Hackers Exploit Bug in Magento to Access Payment D
A critical flaw in the open-source e-commerce platform Magento has allowed hackers to plant backdoors in e-commerce websites and steal payment data. Computer software company Adobe Inc. describes the flaw, CVE-2024-2072, as an “improper neutralization of special elements” that could allow attackers to execute arbitrary code without any user interaction.
Adobe addressed the vulnerability on Feb. 13, 2024, as part of a batch of security updates, and e-commerce security company Sansec announced that it had found a database layout template that was used to “inject malicious code” automatically. Hackers could then use this code to execute arbitrary commands by combining the “cleverly crafted layout” with the beberlei/assert package.
According to Sansec, the vulnerability could be exploited any time a user requested <store>/checkout/cart, because the checkout cart is tied to the layout block, allowing the attackers to execute system commands. More specifically, hackers could execute the command “sed,” enabling them to insert a code execution backdoor that would then deliver a Stripe payment skimmer to capture financial information and send it to another infiltrated Magento store.
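One way a store operator could audit for the kind of injected layout template described above. This is an added example, not Sansec's or Adobe's tooling. It assumes rows exported from Magento's `layout_update` table as (id, handle, xml) tuples; the sample rows are constructed, the flagged one is a non-functional placeholder, and the patterns are heuristics that need manual review.

```python
import re
import xml.etree.ElementTree as ET

# Heuristics drawn from the report: layout XML that references the
# beberlei/assert namespace ("Assert\...") or names a shell/exec primitive.
ASSERT_NS_RE = re.compile(r"(?:^|\\)Assert\\")
SHELL_RE = re.compile(r"\b(sed|system|exec|passthru|shell_exec|proc_open|popen)\b", re.I)
XSI = "http://www.w3.org/2001/XMLSchema-instance"

def inspect_layout_row(row_id, handle, xml_text):
    """Return (row_id, handle, reason) findings for one stored layout update."""
    try:
        # Stored updates are fragments: wrap them in one root and declare the
        # xsi prefix so attributes such as xsi:type do not break parsing.
        root = ET.fromstring(f'<layout xmlns:xsi="{XSI}">{xml_text}</layout>')
    except ET.ParseError:
        # Malformed XML is itself worth a manual look; never skip it silently.
        return [(row_id, handle, "unparseable layout XML")]
    findings = []
    for el in root.iter():
        for value in list(el.attrib.values()) + [el.text or ""]:
            if ASSERT_NS_RE.search(value):
                findings.append((row_id, handle, f"Assert namespace in <{el.tag}>"))
            if SHELL_RE.search(value):
                findings.append((row_id, handle, f"shell/exec token in <{el.tag}>"))
    return findings

def scan_layout_rows(rows):
    """Scan every exported row and return a flat list of findings."""
    return [f for row in rows for f in inspect_layout_row(*row)]

# Constructed sample export (not real store data).
SAMPLE_ROWS = [
    (1, "default",
     r'<referenceContainer name="footer"><block name="promo" '
     r'class="Magento\Framework\View\Element\Template" '
     r'template="Magento_Theme::promo.phtml"/></referenceContainer>'),
    (2, "checkout_cart_index",  # layout handle behind <store>/checkout/cart
     r'<block class="Assert\EXAMPLE_PLACEHOLDER" name="x"><arguments>'
     r'<argument name="a" xsi:type="string">sed EXAMPLE_PLACEHOLDER</argument>'
     r'</arguments></block>'),
    (3, "cms_index_index", '<block class="broken"'),
]

if __name__ == "__main__":
    for finding in scan_layout_rows(SAMPLE_ROWS):
        print(finding)
```

Any hit on a checkout handle deserves priority, since the report ties the injected block to the cart page.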
News of the Magento vulnerability comes after Moscow charged six individuals with using similar skimmer malware to steal payment and credit card information from foreign virtual stores for at least six years. Reports citing court documents show that Alexander Aseyev, Denis Priymachenko, Alexander Basov, Vladislav Patyuk, Anton Tolmachev and Dmitry Kolpakov were arrested as suspects last year.
In a rare move, the prosecutor general’s office of the Russian Federation publicly noted that the hacker group focused on foreign e-commerce platforms and stole the information of close to 160,000 payment cards before selling them via shadow internet sites. SANS Institute instructor Will Thomas said the hacker group used Magecart, a tactic for stealing information that was initially used by the group behind the initial Magento attacks.
This Magecart-like tactic saw the hackers inject malicious code into web pages where customers typically enter payment information, including checkout pages to capture CVV codes, credit card data and other sensitive private information. The hacker group would then store this data on its servers before using darknet forums to sell the information to operations that perpetuate credit card debt.
With dozens of groups carrying out similar hacking operations across the globe, Thomas noted that attributing fault to one group can be quite difficult. Recorded Future’s Insikt Group estimates that in 2022 alone, such groups gathered close to 60 million credit-card payment records and posted them on dark web forums.
Entities in sensitive segments of e-commerce such as healthcare e-commerce, including NextPlat Corp. (NASDAQ: NXPL) (NASDAQ: NXPLW), are probably concerned about how other hacks of this nature can be prevented in the future since it would be damaging if the sensitive personal information of patients buying their medications and supplies from online stores is compromised by hackers.