Security News > 2023 > August > Ongoing Xurum Attacks on E-commerce Sites Exploiting Critical Magento 2 Vulnerability
E-commerce sites using Adobe's Magento 2 software are the target of an ongoing campaign that has been active since at least January 2023.
The attacks, dubbed Xurum by Akamai, leverage a now-patched critical security flaw in Adobe Commerce and Magento Open Source that, if successfully exploited, could lead to arbitrary code execution.
"The attacker seems to be interested in payment stats from the orders in the victim's Magento store placed in the past 10 days," Akamai researchers said in an analysis published last week, attributing the campaign to actors of Russian origin.
The attacks culminate with the creation of a rogue admin user with the name "Mageworx" in what appears to be a deliberate attempt to camouflage their actions as benign, for the two monikers refer to popular Magento 2 extension stores.
Online shopping sites have been targeted for years by a class of attacks known as Magecart in which skimmer code is inserted into checkout pages with the goal of harvesting payment data entered by victims.
"The attackers have shown a meticulous approach, targeting specific Magento 2 instances rather than indiscriminately spraying their exploits across the internet," the researchers said.
News URL
https://thehackernews.com/2023/08/ongoing-xurum-attacks-on-e-commerce.html
Related news
- Critical 'BatBadBut' Rust Vulnerability Exposes Windows Systems to Attacks (source)
- US sanctions APT31 hackers behind critical infrastructure attacks (source)
- Critical Unpatched Ray AI Platform Vulnerability Exploited for Cryptocurrency Mining (source)
- Cyber attacks on critical infrastructure show advanced tactics and new capabilities (source)
- Attack Surface Management vs. Vulnerability Management (source)
- Ivanti fixes VPN gateway vulnerability allowing RCE, DoS attacks (source)
- New HTTP/2 Vulnerability Exposes Web Servers to DoS Attacks (source)
- Hackers Exploit Magento Bug to Steal Payment Data from E-commerce Websites (source)
- Critical RCE bug in 92,000 D-Link NAS devices now exploited in attacks (source)
- Critical Flaws Leave 92,000 D-Link NAS Devices Vulnerable to Malware Attacks (source)