Sansec Menace Analysis Staff seen a surge in Magento 2 template assaults. This essential template vulnerability in Magento 2 tracked as (CVE-2022-24086) is rising amongst eCommerce cyber criminals. The vulnerability permits unauthenticated attackers to execute code on unpatched websites.
Magento is a well-liked, Adobe-owned open-source e-commerce platform that powers many on-line retailers. Greater than 150,000 on-line shops have been created on the platform. As of April 2021, Magento holds a 2.32% market share in world e-commerce platforms.
Vital Magento Vulnerability
Adobe patched this Magento 2 Vulnerability (CVE-2022-24086) in February 2022; in a while the safety researchers have created exploit code for the vulnerability that opens a method to mass exploitation.
Sansec researchers shared findings of three template hacks. The report says the noticed assaults have been interactive; for the reason that Magento checkout movement may be very laborious to automate. It begins with the creation of a brand new buyer account and an order placement, which can lead to a failed cost.
Consultants say, this downloads a Linux executable referred to as 223sam(.)jpg and launches it as a background course of.
“It’s really a Distant Entry Trojan (RAT). Whereas it stays in reminiscence, it creates a state file and polls a distant server hosted in Bulgaria for instructions”, Sansec
Researchers identified that RAT has full entry to the database and the working PHP processes. Additionally, RAT could be injected on any of the nodes in a multi-server cluster setting.
One other variation of this assault is the tried injection of a health_check.php backdoor. It creates a brand new file accepting instructions through the POST parameter:
A 3rd assault variation has this template code, which replaces generated/code/Magento/Framework/App/FrontController/Interceptor.php. This malware is then executed on each Magento web page request.
Due to this fact, specialists suggest the Magento 2 web site directors to improve their software program to the most recent model.
Obtain Free SWG – Safe Internet Filtering – E-book