April 5, 2024 at 01:24PM
Magecart attackers have devised a new method of implanting persistent backdoors in e-commerce websites to automatically deploy malware. They exploit a critical command injection vulnerability in the Adobe Magento e-commerce platform to execute arbitrary code, using a layout template to inject malware into compromised sites. Upgrading to specific versions of the platform can protect against this threat.
Based on the meeting notes, it’s clear that Magecart attackers have developed a new method of inserting persistent backdoors into e-commerce websites. This technique exploits a critical command injection vulnerability in the Adobe Magento e-commerce platform (CVE-2024-20720, CVSS score of 9.1), enabling the execution of arbitrary code without user interaction.
The attackers achieve this by utilizing a “cleverly crafted layout template” in the layout_update database table, containing XML shell code that automatically injects malware into compromised sites via the Magento content management system (CMS) controller.
Sansec researchers have noted that attackers combine the Magento layout parser with the beberlei/assert package to execute system commands. This command is executed whenever
Adobe has addressed this security bug in February, and e-tailers should upgrade their versions to 2.4.6-p4, 2.4.5-p6, or 2.4.4-p7 to safeguard against this threat.