Threat Advisory

Magecart Exploits Magento Vulnerability, Injecting Backdoors for Malware Distribution

Threat: Vulnerability
Criticality: High
[subscribe_to_unlock_form]

Summary:

Magecart attackers have developed a new strategy of embedding persistent backdoors in e-commerce websites to automatically distribute malware. These threat actors exploit a critical command injection vulnerability in Adobe Magento CVE-2024-20720, allowing them to execute arbitrary code without user interaction. They leverage a "cleverly crafted layout template" in the layout_update database table, which includes XML shell code to inject malware via the Magento CMS controller. This layout block is connected to the checkout cart, causing the malicious command to run whenever the checkout cart is accessed. Using this technique, Magecart injects a Stripe payment skimmer to capture and steal payment data from compromised sites. Adobe has addressed the security vulnerability in recent updates of Adobe Commerce and Magento, urging users to upgrade the versions to protect their sites from this threat.[/subscribe_to_unlock_form]

Summary:

Magecart attackers have developed a new strategy of embedding persistent backdoors in e-commerce websites to automatically distribute malware. These threat actors exploit a critical command injection vulnerability in Adobe Magento CVE-2024-20720, allowing them to execute arbitrary code without user interaction. They leverage a "cleverly crafted layout template" in the layout_update database table, which includes XML shell code to inject malware via the Magento CMS controller. This layout block is connected to the checkout cart, causing the malicious command to run whenever the checkout cart is accessed. Using this technique, Magecart injects a Stripe payment skimmer to capture and steal payment data from compromised sites. Adobe has addressed the security vulnerability in recent updates of Adobe Commerce and Magento, urging users to upgrade the versions to protect their sites from this threat.[emaillocker id="1283"]

Recommendations:

We strongly recommend you update the Adobe Commerce and Magento to versions 2.4.6-p4, 2.4.5-p6, or 2.4.4-p7

References:

The following reports contain further technical details:
https://www.darkreading.com/cloud-security/magecart-attackers-pioneer-persistent-ecommerce-backdoor

[/emaillocker]
crossmenu