Security News > 2023 > August > Ongoing Xurum Attacks on E-commerce Sites Exploiting Critical Magento 2 Vulnerability

E-commerce sites using Adobe's Magento 2 software are the target of an ongoing campaign that has been active since at least January 2023.

The attacks, dubbed Xurum by Akamai, leverage a now-patched critical security flaw in Adobe Commerce and Magento Open Source that, if successfully exploited, could lead to arbitrary code execution.

"The attacker seems to be interested in payment stats from the orders in the victim's Magento store placed in the past 10 days," Akamai researchers said in an analysis published last week, attributing the campaign to actors of Russian origin.

The attacks culminate with the creation of a rogue admin user with the name "Mageworx" in what appears to be a deliberate attempt to camouflage their actions as benign, for the two monikers refer to popular Magento 2 extension stores.

Online shopping sites have been targeted for years by a class of attacks known as Magecart in which skimmer code is inserted into checkout pages with the goal of harvesting payment data entered by victims.

"The attackers have shown a meticulous approach, targeting specific Magento 2 instances rather than indiscriminately spraying their exploits across the internet," the researchers said.

News URL

https://thehackernews.com/2023/08/ongoing-xurum-attacks-on-e-commerce.html