April 6, 2024 at 06:33AM
Threat actors are exploiting a critical flaw in Magento, CVE-2024-20720, to inject a backdoor that gives them arbitrary code execution. The attack abuses the Magento layout parser together with the beberlei/assert package to execute system commands via sed. Separately, the Russian government has charged six individuals with using skimmer malware to steal credit card information from foreign e-commerce stores.
Key Takeaways from the Meeting Notes:
1. Threat actors are exploiting a critical flaw (CVE-2024-20720) in Magento to inject a persistent backdoor into e-commerce websites and execute arbitrary commands.
2. Sansec discovered a cleverly crafted layout template stored in the database that automatically injects malicious code; it leverages the Magento layout parser together with the beberlei/assert package to execute system commands.
3. The injected code execution backdoor is responsible for delivering a Stripe payment skimmer to capture and exfiltrate financial information to another compromised Magento store.
4. The Russian government has charged six individuals for using skimmer malware to steal credit card and payment information from foreign e-commerce stores since late 2017.
5. The suspects charged by the Russian government are Denis Priymachenko, Alexander Aseyev, Alexander Basov, Dmitry Kolpakov, Vladislav Patyuk, and Anton Tolmachev, who illegally obtained data on almost 160 thousand payment cards belonging to foreign citizens and sold it through underground websites.
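Item 2 describes a layout update stored in the database that routes through the layout parser and beberlei/assert to reach sed. A defender's first check is to audit every stored layout update for references to those components. The following is an added example, not code from the report or from Sansec; the heuristic tokens come from the report, while the sample rows and their contents are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Heuristic indicators taken from the report: the beberlei/assert package and sed.
# This is an assumption-driven triage filter, not a signature for the real payload;
# legitimate modules can mention "Assert" too, so treat hits as leads for review.
SUSPICIOUS_TOKENS = ("beberlei", "Assert", "sed ")


def flag_layout_update(xml_text: str) -> list[str]:
    """Return findings for one stored layout update; an empty list means no hit."""
    findings = []
    try:
        root = ET.fromstring(xml_text)
    except ET.ParseError as exc:
        # A row that is not valid XML is itself worth a look.
        return [f"unparseable layout XML: {exc}"]
    for elem in root.iter():
        # Inspect attribute values (block classes, argument names) and text payloads.
        values = list(elem.attrib.values())
        if elem.text and elem.text.strip():
            values.append(elem.text.strip())
        for value in values:
            for token in SUSPICIOUS_TOKENS:
                if token in value:
                    findings.append(f"<{elem.tag}> references {token!r}: {value[:60]}")
    return findings


def scan_rows(rows: dict[str, str]) -> dict[str, list[str]]:
    """Scan a mapping of row id -> layout XML (e.g. dumped from the database)."""
    return {row_id: flag_layout_update(xml) for row_id, xml in rows.items()}


# Constructed sample rows standing in for database dumps; not real attack data.
SAMPLE_ROWS = {
    "benign": """<referenceContainer name="content">
  <block class="Magento\\Cms\\Block\\Block" name="promo">
    <arguments><argument name="block_id">promo</argument></arguments>
  </block>
</referenceContainer>""",
    "suspect": """<body>
  <block class="Vendor\\Module\\Block\\Helper" name="inject">
    <arguments>
      <argument name="callback">vendor/beberlei/assert/lib/Assert/Assertion.php</argument>
      <argument name="command">sed -i 's/x/y/' /tmp/constructed</argument>
    </arguments>
  </block>
</body>""",
}

if __name__ == "__main__":
    for row_id, hits in scan_rows(SAMPLE_ROWS).items():
        print(row_id, hits or "clean")
```

Run the same function over a dump of the layout update and CMS tables; any row with a hit is a candidate for manual review and comparison against the deployed code base.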