Security News > 2023 > August > Ongoing Xurum Attacks on E-commerce Sites Exploiting Critical Magento 2 Vulnerability
E-commerce sites using Adobe's Magento 2 software are the target of an ongoing campaign that has been active since at least January 2023.
The attacks, dubbed Xurum by Akamai, leverage a now-patched critical security flaw in Adobe Commerce and Magento Open Source that, if successfully exploited, could lead to arbitrary code execution.
"The attacker seems to be interested in payment stats from the orders in the victim's Magento store placed in the past 10 days," Akamai researchers said in an analysis published last week, attributing the campaign to actors of Russian origin.
The attacks culminate with the creation of a rogue admin user with the name "Mageworx" in what appears to be a deliberate attempt to camouflage their actions as benign, for the two monikers refer to popular Magento 2 extension stores.
Online shopping sites have been targeted for years by a class of attacks known as Magecart in which skimmer code is inserted into checkout pages with the goal of harvesting payment data entered by victims.
"The attackers have shown a meticulous approach, targeting specific Magento 2 instances rather than indiscriminately spraying their exploits across the internet," the researchers said.
News URL
https://thehackernews.com/2023/08/ongoing-xurum-attacks-on-e-commerce.html
Related news
- Hackers target critical zero-day vulnerability in PTZ cameras (source)
- Cisco Releases Patch for Critical URWB Vulnerability in Industrial Wireless Systems (source)
- Critical vulnerability in Cisco industrial wireless access points fixed (CVE-2024-20418) (source)
- CISA warns of critical Palo Alto Networks bug exploited in attacks (source)
- CISA Alerts to Active Exploitation of Critical Palo Alto Networks Vulnerability (source)
- Critical Veeam RCE bug now used in Frag ransomware attacks (source)
- Critical bug in EoL D-Link NAS devices now exploited in attacks (source)
- Palo Alto Networks warns of critical RCE zero-day exploited in attacks (source)
- Urgent: Critical WordPress Plugin Vulnerability Exposes Over 4 Million Sites (source)
- Critical RCE bug in VMware vCenter Server now exploited in attacks (source)