Stealthy XML Backdoor Haunts Magento Stores – New Threat Exploits Critical Vulnerability (CVE-2024-20720)
Magento merchants, brace yourselves. A cunning new malware campaign is targeting your online stores with an insidious twist. Researchers at Sansec have uncovered a persistent backdoor lurking within the XML code of Magento websites, a method designed to ensure the infection keeps returning even after you think you’ve cleaned up.
The Sneaky Exploit
Attackers are ruthlessly exploiting a recently patched critical vulnerability (CVE-2024-20720) in Magento. They’re injecting malicious code into a layout template tucked away in your store’s database. This crafty layout template uses the Magento layout system and a commonly installed package to secretly execute attacker-controlled commands.
The worst part? The trigger is tied to your checkout flow. Every time a customer views their shopping cart, the malicious layout template executes and reinfects a vital system controller, guaranteeing the backdoor's unwelcome return even after a cleanup that only removed the controller.
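Because the persistence lives in layout XML stored in the database rather than in files, a file-integrity scan will not see it. The following is an added example, not code from the article or from Sansec, showing the kind of defender-side heuristic check a merchant could run over exported layout-update rows (Magento keeps admin-created layout updates as `handle`/`xml` pairs in its `layout_update` table; the sample rows below are constructed, and the `Vendor\Example` and `Acme\Blog` class names are placeholders). It flags two things a database-stored layout fragment rarely has a legitimate reason to contain: a `helper`-typed argument, which makes the layout system call a PHP method, and a `block` whose class is outside an allowlist you maintain.

```python
"""Heuristic scanner for Magento layout XML stored in the database (added example)."""
import xml.etree.ElementTree as ET

XSI = "http://www.w3.org/2001/XMLSchema-instance"

# Assumption: class prefixes this store trusts. Add your own reviewed vendor
# namespaces; any block class or helper reference outside the list is flagged.
TRUSTED_PREFIXES = ("Magento\\",)


def _trusted(class_ref: str) -> bool:
    return class_ref.startswith(TRUSTED_PREFIXES)


def scan_layout_fragment(handle: str, fragment: str) -> list[str]:
    """Return human-readable findings for one stored layout-update fragment.

    The fragment is wrapped in a root element that declares the xsi namespace,
    because database rows usually hold a bare fragment rather than a full document.
    """
    findings = []
    try:
        root = ET.fromstring(f'<scan xmlns:xsi="{XSI}">{fragment}</scan>')
    except ET.ParseError as exc:
        # Malformed XML in this table is itself worth a manual look.
        return [f"{handle}: unparseable layout XML ({exc})"]

    for elem in root.iter():
        if elem.tag == "block":
            cls = elem.get("class", "")
            if cls and not _trusted(cls):
                findings.append(
                    f"{handle}: block '{elem.get('name')}' uses untrusted class {cls}"
                )
        elif elem.tag == "argument" and elem.get(f"{{{XSI}}}type") == "helper":
            # A helper-typed argument invokes Class::method when the layout renders;
            # flag every occurrence regardless of class, with the callee for review.
            helper = elem.get("helper", "")
            findings.append(
                f"{handle}: helper-type argument '{elem.get('name')}' calls {helper}"
            )
    return findings


def scan_rows(rows) -> list[str]:
    """Scan an iterable of (handle, xml) pairs, e.g. exported layout_update rows."""
    out = []
    for handle, xml in rows:
        out.extend(scan_layout_fragment(handle, xml))
    return out


# Constructed sample rows: one benign, one invoking a helper on the cart page,
# one using a block class that is not on the allowlist.
SAMPLE_ROWS = [
    ("footer_links", r"""
        <referenceBlock name="footer_links">
          <block class="Magento\Framework\View\Element\Html\Link" name="contact-link">
            <arguments><argument name="label" xsi:type="string">Contact</argument></arguments>
          </block>
        </referenceBlock>"""),
    ("checkout_cart_index", r"""
        <referenceContainer name="content">
          <block class="Magento\Framework\View\Element\Template" name="cart-extra">
            <arguments>
              <argument name="data" xsi:type="helper" helper="Vendor\Example\Helper\Runner::run">
                <param name="arg">constructed-placeholder</param>
              </argument>
            </arguments>
          </block>
        </referenceContainer>"""),
    ("default", r"""
        <referenceContainer name="content">
          <block class="Acme\Blog\Block\Posts" name="blog-posts"/>
        </referenceContainer>"""),
]

if __name__ == "__main__":
    for line in scan_rows(SAMPLE_ROWS):
        print(line)
```

Run it against a dump of the `layout_update` table (and, with the same function, the `layout_update_xml` columns of CMS pages and blocks) and review every finding by hand; the allowlist approach deliberately errs toward false positives, since a quiet checkout-page hook is exactly what the campaign relies on.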
A Two-Pronged Attack
This isn’t just about persistence. These cybercriminals have a double whammy in store:
- Persistent Backdoor: They get unfettered remote control of your website. Think of it as a secret entrance they can use to slip in and out at will.
- Stolen Payment Data: The attackers are siphoning off sensitive customer payment details using a fake Stripe payment form. They’re sending this stolen data off to a different compromised Magento store.
What You Need to Do – NOW
Affected merchants, there’s no time to waste. Here’s your action plan:
- Scan and Seek: Use Sansec’s eComscan scanner to hunt down any hidden backdoors lurking in your system.
- Patch Immediately: Upgrade your Magento installation to one of the patched releases (2.4.6-p4, 2.4.5-p6, or 2.4.4-p7) to slam the door shut on this vulnerability. Patching alone does not remove a backdoor that is already in the database, so do it together with the scan above.
The Bigger Picture
This attack is a chilling reminder of the relentless threat landscape online stores face. Staying vigilant, keeping software up-to-date, and using specialized security tools are your best weapons in this ongoing battle.