Cybercriminals capitalize on Magento’s vulnerability to pilfer payment information from online retail platforms

Product and affected versions

The vulnerability affects Magento e-commerce websites. The specific affected versions are not stated in the source text.

Severity and CVE ID

The severity of this vulnerability is critical, with a CVSS score of 9.1. The CVE ID associated with it is CVE-2024-20720.

Vulnerability

The vulnerability is described as an “improper neutralization of special elements” in Magento, which could lead to arbitrary code execution.

How the attack works

Threat actors exploit a flaw in Magento to plant a persistent backdoor on e-commerce websites. They store a specially crafted layout template in the database so that the Magento layout parser, together with the beberlei/assert package, automatically injects malicious code. The injected code executes system commands, specifically using sed to insert a code-execution backdoor. That backdoor then delivers a Stripe payment skimmer, allowing the attackers to capture and exfiltrate financial information from compromised Magento stores.
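An added defensive check, not code from the original article or from Magento: it scans stored layout updates for the two indicators the summary names, a non-Magento object class such as the beberlei/assert `Assert\Assertion` and a shell token like `sed` inside an argument value. The `layout_update` column names, the trusted-namespace list and the sample rows are assumptions constructed for the example.

```python
import re
import xml.etree.ElementTree as ET

XSI_TYPE = "{http://www.w3.org/2001/XMLSchema-instance}type"
# Assumption: extend with your own module namespaces before scanning a real store.
TRUSTED_PREFIXES = ("Magento\\",)
# Tokens that have no business inside a layout argument value.
SHELL_INDICATORS = re.compile(r"\b(sed|system|shell_exec|passthru|exec|base64_decode)\b", re.I)
# Stored fragments omit the xsi namespace declaration, so wrap them as Magento does.
WRAPPER = '<layout xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">%s</layout>'


def scan_fragment(xml_fragment):
    """Return (element name, reason) findings for one layout-update XML fragment."""
    findings = []
    root = ET.fromstring(WRAPPER % xml_fragment)
    for blk in root.iter("block"):  # block classes must come from trusted code
        cls = blk.get("class", "")
        if cls and not cls.startswith(TRUSTED_PREFIXES):
            findings.append((blk.get("name"), "untrusted block class: " + cls))
    for arg in root.iter("argument"):  # arguments are where injected calls live
        value = (arg.text or "").strip()
        if arg.get(XSI_TYPE) == "object" and not value.startswith(TRUSTED_PREFIXES):
            findings.append((arg.get("name"), "untrusted object argument: " + value))
        elif SHELL_INDICATORS.search(value):
            findings.append((arg.get("name"), "shell indicator in argument: " + value[:40]))
    return findings


def scan_layout_updates(rows):
    """rows: (layout_update_id, handle, xml) tuples, the assumed shape of
    SELECT layout_update_id, handle, xml FROM layout_update. Returns {id: findings}
    for rows with at least one finding; unparseable XML is itself a finding."""
    suspicious = {}
    for update_id, handle, xml_fragment in rows:
        try:
            findings = scan_fragment(xml_fragment)
        except ET.ParseError as exc:
            findings = [(handle, "unparseable layout XML: %s" % exc)]
        if findings:
            suspicious[update_id] = findings
    return suspicious


# Constructed sample rows: row 1 is an ordinary CMS block reference; row 2 carries
# the indicators named above (a non-Magento assertion class and a sed invocation).
SAMPLE_ROWS = [
    (1, "default", '<referenceBlock name="header"><block class="Magento\\Cms\\Block\\Block" name="promo">'
     '<arguments><argument name="block_id" xsi:type="string">promo-banner</argument></arguments></block></referenceBlock>'),
    (2, "default", '<referenceBlock name="footer"><block class="Magento\\Framework\\View\\Element\\Template" name="x">'
     '<arguments><argument name="helper" xsi:type="object">Assert\\Assertion</argument>'
     '<argument name="cmd" xsi:type="string">sed -i s/a/b/ some/file.php</argument></arguments></block></referenceBlock>'),
]
```

Run `scan_layout_updates` over the real table contents and review every returned row by hand; a hit on a legitimate third-party module means the trusted-prefix list needs extending, not that the check is wrong.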

Remediations

The vulnerability was addressed by Magento as part of security updates released on February 13, 2024. Magento users are advised to apply these security updates immediately to protect their websites from exploitation.

Reference

https://thehackernews.com/2024/04/hackers-exploit-magento-bug-to-steal.html