Adobe Commerce and Magento stores vulnerable to dangerous malware attacks

Experts warn that some of the world’s most popular e-commerce platforms contain security vulnerabilities that allow cybercriminals to remotely execute code, deploy malware and even steal payment information from customers.

Countless websites using the Adobe Commerce and Magento platforms have already been hacked, including major companies such as Ray Ban, National Geographic, Cisco, Whirlpool and Segway, according to cybersecurity researcher Sansec.

They claim that about 5% of all websites served by these platforms have already been hacked by a vulnerability called “CosmicSting”, and as many as five new ones are being added every hour, which they say is the “worst bug” to appear on both platforms in years.

Connecting errors

The vulnerability, rated CVE-2024-34102 with a severity rating of 9.8/10 (Critical), is described as an “improper XML external entity (XXE) reference constraint” bug.

A patch for the vulnerability was released in June 2024 and CISA added it to its KEV catalog in July, but more recent attacks, seen since August, have linked CosmicSting to a vulnerability called CNEXT and tracked as CVE-2024-2961. Together, these two bugs allow attackers to remotely execute code and essentially take over the entire system.

Researchers identified at least seven groups that exploited these vulnerabilities. These groups are not widely known in the cybercrime community – Beavers, Polyovki, Surki, Burunduki, Ondatry, Khomyaki and Belki. Regardless of their status, they are still a formidable enemy, as at least one used CNEXT’s CosmicSting to plant skimmer malware on victims’ sites.

Skimmers work by stealing payment information during the checkout process and sending it to attackers. Fraudsters can either sell your credit card details on the black market or use them to fund additional campaigns. Every now and then we see advertising campaigns on Google, Facebook and elsewhere promoting malicious websites and programs, and most of these campaigns are funded this way.

“Sellers are strongly advised to upgrade to the latest version of Magento or Adobe Commerce,” Sansec said. “They should also change secret encryption keys and ensure that old keys are invalidated.”

By HackerNews News