Six criminals are accused of stealing financial information from online shopping enthusiasts.
Prosecutors have filed charges against several cybercriminals who exploited a critical vulnerability in the popular Magento e-commerce platform. The bug, identified as CVE-2024-20720, helps install a backdoor on online store sites and steal customers' financial information.
CVE-2024-20720 is a very serious threat - its CVSS score is 9.1 out of 10. Adobe, the developer of Magento, claims that the problem is related to "incorrect processing of special elements" and can lead to the execution of arbitrary code on the server.
The developers tried to fix the defect as part of the updates released on February 13, 2024. However, according to Sansec, cybercriminals managed to develop a sophisticated malicious page layout that automatically inserts a backdoor into the database.
"Attackers use Magento layout processing tools in combination with the beberlei/assert library (installed by default) to execute system commands," Sansec said in a statement. "Since this malicious layout block is associated with the shopping cart, the malicious command is launched every time the shopping cart page is accessed."
To implement the backdoor, hackers used the sed command. This backdoor then uploaded a malicious module to the site to collect valuable information — the so-called Stripe payment skimmer.
The authorities are naming six members of the group behind the campaign: Denis Priymachenko, Alexander Aseev, Alexander Basov, Dmitry Kolpakov, Vladislav Patyuk and Anton Tolmachev. Hackers have been using skimming software to steal bank card data and payment information from foreign platforms since the end of 2017.
"Members of the hacker group illegally seized information about almost 160 thousand payment cards of foreign citizens, after which they sold them through shadow Internet platforms," said the Prosecutor General's Office of the Russian Federation.