New Golang-based Linux Malware Targeting eCommerce Websites
Weaknesses in e-commerce portals are being exploited to deploy a Linux backdoor as well as a credit card skimmer that's capable of stealing payment information from compromised websites.
"The attacker started with automated e-commerce attack probes, testing for dozens of weaknesses in common online store platforms," researchers from Sansec Threat Research said in an analysis.
The initial foothold was then leveraged to upload a malicious web shell and alter the server code to siphon customer data.
The attacker delivered Golang-based malware called "Linux avp" that serves as a backdoor to execute commands sent remotely from a command-and-control server hosted in Beijing.
The Dutch cybersecurity firm said it also discovered a PHP-coded web skimmer that is disguised as a favicon image and added to the e-commerce platform's code. Its goal is to inject fraudulent payment forms and steal credit card information entered by customers in real time, before transmitting it to a remote server.
Sansec researchers said the PHP code was hosted on a server located in Hong Kong and that it was previously used as a "Skimming exfiltration endpoint in July and August of this year."
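A defender-side check for the disguise described above, added here as an example (it is not code from Sansec or the original article): it walks a web root and flags files with image extensions that either lack image magic bytes or contain a PHP open tag. The extension list, function names and sample files are assumptions constructed for illustration.

```python
import tempfile
from pathlib import Path

IMAGE_EXTS = {".ico", ".png", ".jpg", ".jpeg", ".gif"}
# Leading bytes of ICO, PNG, JPEG and GIF files.
IMAGE_MAGIC = (b"\x00\x00\x01\x00", b"\x89PNG\r\n\x1a\n", b"\xff\xd8\xff", b"GIF87a", b"GIF89a")


def inspect_image(path):
    """Return the reasons a supposed image is suspicious (empty list if none)."""
    data = Path(path).read_bytes()
    reasons = []
    if not data.startswith(IMAGE_MAGIC):
        reasons.append("no image magic bytes")
    # Also catches polyglots: a valid image header with PHP appended after it.
    if b"<?php" in data.lower():
        reasons.append("contains PHP open tag")
    return reasons


def scan_webroot(root):
    """Map relative path -> reasons for every suspicious image file under root."""
    findings = {}
    for path in Path(root).rglob("*"):
        if path.is_file() and path.suffix.lower() in IMAGE_EXTS:
            reasons = inspect_image(path)
            if reasons:
                findings[path.relative_to(root).as_posix()] = reasons
    return findings


def build_demo_tree(root):
    """Write constructed sample files: one plain icon and two disguised scripts."""
    samples = {
        "favicon.ico": b"\x00\x00\x01\x00\x01\x00" + b"\x00" * 32,
        "media/favicon_fake.ico": b"<?php /* constructed placeholder */ ?>",
        "media/logo.png": b"\x89PNG\r\n\x1a\n" + b"\x00" * 16 + b"<?php /* appended */ ?>",
    }
    for rel, content in samples.items():
        path = Path(root, rel)
        path.parent.mkdir(parents=True, exist_ok=True)
        path.write_bytes(content)


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_demo_tree(tmp)
        for rel, reasons in sorted(scan_webroot(tmp).items()):
            print(rel, "->", ", ".join(reasons))
```

A hit is a lead for manual review, not a verdict; comparing flagged files against the platform's release checksums or version control confirms whether they were altered.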
News URL
https://thehackernews.com/2021/11/new-golang-based-linux-malware.html