Security News > 2023 > August > Ongoing Xurum Attacks on E-commerce Sites Exploiting Critical Magento 2 Vulnerability

E-commerce sites using Adobe's Magento 2 software are the target of an ongoing campaign that has been active since at least January 2023.
The attacks, dubbed Xurum by Akamai, leverage a now-patched critical security flaw in Adobe Commerce and Magento Open Source that, if successfully exploited, could lead to arbitrary code execution.
"The attacker seems to be interested in payment stats from the orders in the victim's Magento store placed in the past 10 days," Akamai researchers said in an analysis published last week, attributing the campaign to actors of Russian origin.
The attacks culminate with the creation of a rogue admin user with the name "Mageworx" in what appears to be a deliberate attempt to camouflage their actions as benign, for the two monikers refer to popular Magento 2 extension stores.
Online shopping sites have been targeted for years by a class of attacks known as Magecart in which skimmer code is inserted into checkout pages with the goal of harvesting payment data entered by victims.
"The attackers have shown a meticulous approach, targeting specific Magento 2 instances rather than indiscriminately spraying their exploits across the internet," the researchers said.
News URL
https://thehackernews.com/2023/08/ongoing-xurum-attacks-on-e-commerce.html
Related news
- Critical PHP RCE vulnerability mass exploited in new attacks (source)
- Microsoft Patches Critical Azure AI Face Service Vulnerability with CVSS 9.9 Score (source)
- Critical RCE bug in Microsoft Outlook now exploited in attacks (source)
- PostgreSQL Vulnerability Exploited Alongside BeyondTrust Zero-Day in Targeted Attacks (source)
- Critical PostgreSQL bug tied to zero-day attack on US Treasury (source)
- CISA Flags Craft CMS Vulnerability CVE-2025-23209 Amid Active Attacks (source)
- Hackers Exploit Paragon Partition Manager Driver Vulnerability in Ransomware Attacks (source)
- Elastic Releases Urgent Fix for Critical Kibana Vulnerability Enabling Remote Code Execution (source)
- PHP-CGI RCE Flaw Exploited in Attacks on Japan's Tech, Telecom, and E-Commerce Sectors (source)
- Moxa Issues Fix for Critical Authentication Bypass Vulnerability in PT Switches (source)