Adobe Commerce and Magento stores facing attack from dangerous malware
Crooks are stealing credit card data from affected sites
Some of the world’s most popular ecommerce platforms were carrying vulnerabilities that allowed threat actors to run code remotely, deploy malware, and even steal payment information from customers, experts have warned.
Countless websites using Adobe Commerce and Magento platforms have already been compromised, including heavyweights such as Ray Ban, National Geographic, Cisco, Whirlpool, and Segway, cybersecurity researchers Sansec have claimed.
They claim roughly 5% of all websites powered by these platforms have already been hacked through the vulnerability, dubbed “CosmicSting”, with up to five more being added every hour, in what they call the “worst bug” to hit the two platforms in years.
Chaining flaws
The vulnerability, tracked as CVE-2024-34102 with a severity score of 9.8/10 (critical), is described as an “improper restriction of XML external entity reference (XXE)” flaw.
The patch for the flaw was released in June 2024, and CISA added it to its KEV catalog in July. However, newer attacks, observed from August onward, were chaining CosmicSting with a vulnerability called CNEXT, tracked as CVE-2024-2961. Together, these two bugs grant attackers the ability to run code remotely and essentially take over the entire system.
The researchers identified at least seven groups that were taking advantage of these vulnerabilities. The groups are not exactly household names in the cybercriminal community: Bobry, Polyovki, Surki, Burunduki, Ondatry, Khomyaki, and Belki. Regardless of their status, they are still formidable foes, since at least one used CosmicSting with CNEXT to plant skimmer malware on victim websites.
Skimmers work by stealing payment information during the checkout process and sending it to the attackers. Crooks can either sell the credit card data on the black market or use it to fund additional campaigns. Every now and then, we see ad campaigns on Google, Facebook, and elsewhere promoting malicious websites and programs, and the majority of those campaigns are funded like this.
“Merchants are strongly advised to upgrade to the latest version of Magento or Adobe Commerce,” Sansec said. “They should also rotate secret encryption keys, and ensure that old keys are invalidated.”
Via The Hacker News
Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.