Security News > 2023 > August > Magento shopping cart attack targets critical vulnerability revealed in early 2022
Ecommerce stores using Adobe's open source Magento 2 software are being targeted by an ongoing exploitation campaign based on a critical vulnerability that was patched last year, on February 13, 2022.
"The attacker seems to be interested in payment stats from the orders in the victim's Magento store placed in the past 10 days," they said.
At least seven threat groups have focused on attacking Magento shops since 2015, according to the security researchers.
These groups, referred to collectively as Magecart due to their focus on Magento shopping carts, rely on various malware techniques like JavaScript data skimming, to intercept and steal transaction data from ecommerce websites.
"We are inspecting and blocking incoming attacks targeted at our customers, but our does not collect information about the customers' Magento version."
To prevent the malicious component from being detected, the attacker code registers the web shell as a new Magento component called "GoogleShoppingAds."
News URL
https://go.theregister.com/feed/www.theregister.com/2023/08/11/magento_shopping_cart_attack_targets/
Related news
- CISA Warns of CentreStack's Hard-Coded MachineKey Vulnerability Enabling RCE Attacks (source)
- Gladinet’s Triofox and CentreStack Under Active Exploitation via Critical RCE Vulnerability (source)
- Critical Apache Roller Vulnerability (CVSS 10.0) Enables Unauthorized Session Persistence (source)
- Critical Erlang/OTP SSH Vulnerability (CVSS 10.0) Allows Unauthenticated Code Execution (source)
- Windows NTLM vulnerability exploited in multiple attack campaigns (CVE-2025-24054) (source)
- Critical Commvault RCE vulnerability fixed, PoC available (CVE-2025-34028) (source)
- SAP fixes critical Netweaver flaw exploited in attacks (source)
- Magento supply chain attack compromises hundreds of e-stores (source)
- Fortinet fixes critical zero-day exploited in FortiVoice attacks (source)
- Critical Windows Server 2025 dMSA Vulnerability Enables Active Directory Compromise (source)