Magecart Cybercriminals Employ Innovative E-Commerce Backdoor Exploiting CVE-2024-20720

April 5, 2024

Magecart, a well-known cybercrime entity infamous for payment-skimming, has developed a new tactic for stealing card data. This technique involves exploiting a critical command injection vulnerability, CVE-2024-20720, in the Adobe Magento e-commerce platform to create a persistent backdoor in e-commerce websites. This backdoor is capable of automatically injecting malware.

The vulnerability, which has a CVSS score of 9.1, allows arbitrary code execution without user interaction. The executed code is a crafted layout template stored in the layout_update database table. This template contains XML shell code that automatically injects malware into compromised sites via the controller for the Magento content management system (CMS).

In an alert, Sansec researchers explained, 'Attackers combine the Magento layout parser with the beberlei/assert package (installed by default) to execute system commands.' The layout block is linked to the checkout cart, meaning this command is executed whenever the checkout cart is requested.
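Because the persistence lives in the layout_update table rather than in files, a file-integrity monitor will not see it. The check below is an added example written for this article (not Sansec's or Adobe's code): it walks rows of layout_update (Magento's real columns are layout_update_id, handle and xml; the rows here are constructed inline so the script runs offline) and flags any block whose class attribute falls outside an allowlisted namespace, any XML carrying shell or PHP execution tokens, and any row that no longer parses at all. The TRUSTED_CLASS_PREFIXES allowlist and the ThirdParty\Util\Runner class name are placeholders, not values from the advisory.

```python
import re
import xml.etree.ElementTree as ET
from dataclasses import dataclass, field

# Namespace prefixes that legitimately appear in <block class="..."> of a layout update.
# Constructed allowlist for this example: add the store's own module vendor here.
TRUSTED_CLASS_PREFIXES = ("Magento\\", "ExampleStore\\")

# Tokens that have no place in a CMS layout update (shell invocation, PHP execution
# primitives, obfuscation helpers). Heuristic, so treat hits as leads, not verdicts.
SUSPICIOUS_PATTERNS = [
    re.compile(p, re.IGNORECASE)
    for p in (
        r"\bsystem\b", r"shell_exec", r"\bexec\b", r"passthru", r"popen",
        r"base64_decode", r"eval\(", r"\bsh\s+-c\b", r"/bin/sh",
        r"\bcurl\b", r"\bwget\b",
    )
]


@dataclass
class Finding:
    layout_update_id: int
    handle: str
    reasons: list = field(default_factory=list)


def _parse_fragment(xml_fragment: str) -> ET.Element:
    # layout_update.xml holds fragments, so wrap them in a root that declares
    # the xsi prefix Magento uses on <argument xsi:type="...">.
    wrapper = ('<root xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">'
               + xml_fragment + '</root>')
    return ET.fromstring(wrapper)


def inspect_layout_update(row: dict):
    """Return a Finding for one layout_update row, or None if nothing stands out."""
    reasons = []
    try:
        root = _parse_fragment(row["xml"])
    except ET.ParseError as exc:
        # A row that cannot be parsed is itself worth a look: it may be mangled
        # on purpose or be leftover from a failed tampering attempt.
        reasons.append(f"unparseable XML: {exc}")
        return Finding(row["layout_update_id"], row["handle"], reasons)

    for block in root.iter("block"):
        cls = block.get("class", "")
        if cls and not cls.startswith(TRUSTED_CLASS_PREFIXES):
            reasons.append(f"block '{block.get('name')}' uses untrusted class {cls}")

    for pat in SUSPICIOUS_PATTERNS:
        if pat.search(row["xml"]):
            reasons.append(f"suspicious token matches /{pat.pattern}/")

    return Finding(row["layout_update_id"], row["handle"], reasons) if reasons else None


def scan(rows):
    """Run the check over every row; in production, feed it
    SELECT layout_update_id, handle, xml FROM layout_update."""
    return [f for f in (inspect_layout_update(r) for r in rows) if f]


# Constructed sample rows: one benign checkout block, one planted block pointing at a
# non-Magento class with a shell command in its arguments, one corrupted row.
SAMPLE_ROWS = [
    {"layout_update_id": 1, "handle": "checkout_cart_index", "xml": r"""
<referenceContainer name="content">
  <block class="Magento\Checkout\Block\Cart\Sidebar" name="cart.sidebar"
         template="Magento_Checkout::cart/sidebar.phtml"/>
</referenceContainer>"""},
    {"layout_update_id": 2, "handle": "checkout_cart_index", "xml": r"""
<referenceContainer name="content">
  <block class="ThirdParty\Util\Runner" name="cart.helper">
    <arguments>
      <argument name="cmd" xsi:type="string">/bin/sh -c PLACEHOLDER_COMMAND</argument>
    </arguments>
  </block>
</referenceContainer>"""},
    {"layout_update_id": 3, "handle": "default", "xml": "<block class="},
]

if __name__ == "__main__":
    for finding in scan(SAMPLE_ROWS):
        print(f"[{finding.layout_update_id}] handle={finding.handle}")
        for reason in finding.reasons:
            print("   -", reason)
```

Running it against the constructed rows reports row 2 (untrusted class plus two shell tokens) and row 3 (unparseable), and stays silent on the legitimate checkout block. Because the malicious block in this campaign is tied to the checkout cart handle, rows whose handle contains checkout deserve review first.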

Magecart, a long-standing umbrella organization for cybercrime groups that skim payment card data from e-commerce sites, has been observed using this technique to inject a Stripe payment skimmer. This skimmer captures and exfiltrates payment data to a site controlled by the attackers.

Adobe addressed this security bug in both Adobe Commerce and Magento in February. To protect themselves from this threat, e-tailers are advised to update their versions to 2.4.6-p4, 2.4.5-p6, or 2.4.4-p7.
