Critical Magento vulnerability targeted in new surge of attacks

Researchers have observed a surge in hacking attempts targeting CVE-2022-24086, a critical Magento 2 vulnerability allowing unauthenticated attackers to execute code on unpatched sites.

Magento is an open-source e-commerce platform owned by Adobe, used by approximately 170,000 online shopping websites worldwide.

The CVE-2022-24086 vulnerability was discovered and patched in February 2022, when threat actors were already exploiting it in the wild. At the time, CISA published an alert urging site admins to apply the available security update.

A couple of days later, security researchers published a proof-of-concept (PoC) exploit for CVE-2022-24086, opening the road to mass exploitation.

According to a report published by Sansec today, we have reached that stage, with the critical template vulnerability becoming a favorite in the hacker underground.

Three attack variants

Sansec’s analysts have observed three attack variants exploiting CVE-2022-24086 to inject a remote access trojan (RAT) on vulnerable endpoints.

The attacks are interactive because the Magento checkout flow is challenging to automate, and automating it may reduce the effectiveness of the attacks.

The first variant begins by creating a new customer account on the target platform using malicious template code in the first and last names and then placing an order.

Part of the injected template code (Sansec)

The injected code decodes to a command that downloads a Linux executable (“223sam.jpg”), which launches in the background as a process. This is the RAT, which phones home to a Bulgaria-based server to receive commands.

“This attack method defeats some of the security features of the Adobe Commerce Cloud platform, such as a read-only code base and restricted PHP execution under pub/media,” explains Sansec in the report.

“The RAT has full access to the database and the running PHP processes,… and can be injected on any of the nodes in a multi-server cluster environment.”

The second attack involves the injection of a PHP backdoor (“health_check.php”) by including template code in the VAT field of the placed order.

The code creates a new file (“pub/media/health_check.php”) that accepts commands via POST requests.

Creating the malicious PHP file (Sansec)

Finally, the third attack variation employs template code that executes to replace “generated/code/Magento/Framework/App/FrontController/Interceptor.php” with a malicious, backdoored version.

PHP eval backdoor created in the third attack (Sansec)

The researchers urge Magento 2 site administrators to follow the security guidelines on this support page and upgrade their software to the latest version.
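
For administrators checking whether a store was hit, the following Python script is an added example (it is not code from Sansec's report or from the article). It looks for the file artefacts of the second and third variants and for template directives in name and VAT fields; the `{{...}}` directive pattern, the record field names and the sample rows are assumptions made for the illustration.

```python
import re
from pathlib import Path

# Paths named in the article, relative to the Magento root.
BACKDOOR = Path("pub/media/health_check.php")
INTERCEPTOR = Path(
    "generated/code/Magento/Framework/App/FrontController/Interceptor.php")
# Assumption: Magento template directives are written {{...}}; a person's
# name or a VAT number has no reason to contain one.
DIRECTIVE = re.compile(r"\{\{.*?\}\}", re.S)
EVAL_CALL = re.compile(rb"\beval\s*\(")

# Constructed sample rows (field names are assumed; map them to your export).
SAMPLE_RECORDS = [
    {"id": 1, "firstname": "Ana", "lastname": "Petrova", "vat_id": "BG123456789"},
    {"id": 2, "firstname": "{{placeholder directive}}", "lastname": "Doe", "vat_id": ""},
    {"id": 3, "firstname": "Li", "lastname": "Wei", "vat_id": "x{{placeholder}}"},
]

def scan_files(root):
    """Return findings for the file artefacts of variants two and three."""
    root = Path(root)
    findings = []
    if (root / BACKDOOR).is_file():
        findings.append(f"backdoor file present: {BACKDOOR}")
    media = root / "pub/media"
    if media.is_dir():
        # Heuristic: pub/media holds uploads, so any PHP file there is suspect.
        for php in sorted(media.rglob("*.php")):
            rel = php.relative_to(root)
            if rel != BACKDOOR:
                findings.append(f"unexpected PHP under pub/media: {rel}")
    target = root / INTERCEPTOR
    # Heuristic: the generated interceptor is not expected to call eval().
    if target.is_file() and EVAL_CALL.search(target.read_bytes()):
        findings.append(f"eval() call in {INTERCEPTOR}")
    return findings

def scan_fields(records, fields=("firstname", "lastname", "vat_id")):
    """Return (record id, field) pairs whose value holds a template directive."""
    hits = []
    for rec in records:
        for field in fields:
            if DIRECTIVE.search(str(rec.get(field) or "")):
                hits.append((rec.get("id"), field))
    return hits

if __name__ == "__main__":
    import sys
    for line in scan_files(sys.argv[1] if len(sys.argv) > 1 else "."):
        print(line)
    print(scan_fields(SAMPLE_RECORDS))
```

A clean result does not rule out the first variant, whose RAT runs as a background process rather than as a file under the web root.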
