Weaknesses in e-commerce portals are being exploited to deploy a Linux backdoor as well as a credit card skimmer capable of stealing payment information from compromised websites.
“The attacker started with automated e-commerce attack probes, testing for dozens of weaknesses in popular online store platforms,” researchers from Sansec Threat Research said in an analysis. “After a day and a half, the attacker found a file upload vulnerability in one of the store’s plugins.” The name of the affected vendor was not disclosed.
The initial foothold was then used to upload a malicious web shell and alter the server code to siphon customer data. In addition, the attacker delivered Golang-based malware called “linux_avp” that serves as a backdoor to execute commands sent remotely from a command-and-control server hosted in Beijing.
Upon execution, the program is designed to remove itself from the disk and masquerade as a “ps -ef” process; ps is a utility for listing currently running processes on Unix and Unix-like operating systems.
The Dutch cybersecurity firm said it also found a PHP-coded web skimmer disguised as a favicon image (“favicon_absolute_top.jpg”) and added to the e-commerce platform’s code, with the goal of injecting fraudulent payment forms and stealing credit card information entered by customers in real time, before transmitting it to a remote server.
Furthermore, Sansec researchers said the PHP code was hosted on a server located in Hong Kong and that it was previously used as a “skimming exfiltration endpoint in July and August of this year.”
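The two traits described above (the binary unlinks itself from disk and the process presents itself as “ps -ef”) are both visible from /proc on Linux and make a cheap host-level check. The following is an added example written for this article, not code from Sansec or from the malware analysis; the /tmp/linux_avp path and the sample records are constructed for illustration. On a running binary whose file has been deleted, the /proc/PID/exe symlink target carries a “ (deleted)” suffix, and a process whose argv[0] says ps but whose exe is not the ps binary is lying about what it is.

```python
import os
from dataclasses import dataclass
from typing import Dict, List, Optional


@dataclass
class ProcRecord:
    pid: int
    cmdline: str      # /proc/<pid>/cmdline with NUL separators replaced by spaces
    exe_target: str   # readlink("/proc/<pid>/exe"), or "" if unreadable


def classify(rec: ProcRecord) -> List[str]:
    """Return the reasons this process looks suspicious (empty list if clean)."""
    reasons = []
    argv0 = rec.cmdline.split(" ", 1)[0] if rec.cmdline else ""
    claimed = os.path.basename(argv0)
    # The kernel appends " (deleted)" to the exe link once the file is unlinked.
    if rec.exe_target.endswith(" (deleted)"):
        reasons.append("binary deleted from disk while running")
    # A process that calls itself ps must be backed by a binary named ps.
    if claimed == "ps":
        real = os.path.basename(rec.exe_target.replace(" (deleted)", ""))
        if real != "ps":
            reasons.append(f"claims to be ps but exe is {rec.exe_target or 'unknown'}")
    return reasons


def read_proc(pid: int) -> Optional[ProcRecord]:
    """Build a ProcRecord for a live PID, or None if it vanished or is unreadable."""
    try:
        with open(f"/proc/{pid}/cmdline", "rb") as f:
            cmdline = f.read().replace(b"\0", b" ").strip().decode(errors="replace")
    except OSError:
        return None
    try:
        exe = os.readlink(f"/proc/{pid}/exe")
    except OSError:
        exe = ""  # typical for kernel threads or processes owned by another user
    return ProcRecord(pid, cmdline, exe)


def scan_live() -> Dict[int, List[str]]:
    """Walk /proc and return {pid: reasons} for every suspicious process."""
    findings: Dict[int, List[str]] = {}
    for entry in os.listdir("/proc"):
        if entry.isdigit():
            rec = read_proc(int(entry))
            if rec is not None:
                reasons = classify(rec)
                if reasons:
                    findings[rec.pid] = reasons
    return findings


# Constructed sample records (not captures from a real host).
SAMPLES = [
    ProcRecord(1234, "ps -ef", "/usr/bin/ps"),                   # genuine ps
    ProcRecord(4321, "ps -ef", "/tmp/linux_avp (deleted)"),      # masquerading, unlinked
    ProcRecord(999, "/usr/sbin/nginx -g daemon off;", "/usr/sbin/nginx"),
]

if __name__ == "__main__":
    for rec in SAMPLES:
        print(rec.pid, classify(rec) or "ok")
    if os.path.isdir("/proc"):
        for pid, reasons in scan_live().items():
            print(pid, reasons)
```

Run it as root to see exe links for every process; unprivileged runs silently skip other users' processes, which is itself worth knowing when you schedule this as a periodic check.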
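Since the skimmer above was PHP stored under an image name and then pulled into the platform’s code, two file-level checks catch this pattern on a web root: an image-named file whose bytes are not an image (or that contains a PHP open tag even when the header is valid), and PHP source that includes a file with an image extension. The scanner below is an added example written for this article, not Sansec’s tooling; the sample file contents and the include line are constructed, with only the name favicon_absolute_top.jpg taken from the report.

```python
import os
import re
from typing import Dict, List, Tuple

# Leading bytes expected for the image types a favicon or product image would use.
IMAGE_MAGIC: Dict[str, List[bytes]] = {
    ".jpg": [b"\xff\xd8\xff"],
    ".jpeg": [b"\xff\xd8\xff"],
    ".png": [b"\x89PNG\r\n\x1a\n"],
    ".gif": [b"GIF87a", b"GIF89a"],
    ".ico": [b"\x00\x00\x01\x00"],
}
PHP_TAG = re.compile(rb"<\?(php|=)", re.IGNORECASE)
# include/require of anything ending in an image extension inside PHP source.
PHP_IMAGE_INCLUDE = re.compile(
    rb"\b(include|include_once|require|require_once)\b[^;]*\.(jpe?g|png|gif|ico)\b",
    re.IGNORECASE,
)


def inspect_file(name: str, data: bytes) -> List[str]:
    """Findings for one image-named file: bad magic bytes and/or embedded PHP."""
    findings = []
    ext = os.path.splitext(name)[1].lower()
    magics = IMAGE_MAGIC.get(ext)
    if magics is not None and not any(data.startswith(m) for m in magics):
        findings.append(f"{ext} extension but content is not a {ext[1:]} image")
    # Checked independently: a polyglot can carry a valid header and still hold PHP.
    if PHP_TAG.search(data):
        findings.append("PHP open tag present")
    return findings


def find_image_includes(php_source: bytes) -> List[str]:
    """Return each include/require statement that references an image-extension path."""
    return [m.group(0).decode(errors="replace") for m in PHP_IMAGE_INCLUDE.finditer(php_source)]


def scan_tree(root: str, max_bytes: int = 1_000_000) -> List[Tuple[str, List[str]]]:
    """Walk a web root; report suspicious image files and PHP files including images."""
    hits = []
    for dirpath, _, files in os.walk(root):
        for fn in files:
            ext = os.path.splitext(fn)[1].lower()
            if ext not in IMAGE_MAGIC and ext != ".php":
                continue
            path = os.path.join(dirpath, fn)
            try:
                with open(path, "rb") as f:
                    data = f.read(max_bytes)
            except OSError:
                continue
            found = find_image_includes(data) if ext == ".php" else inspect_file(fn, data)
            if found:
                hits.append((path, found))
    return hits


# Constructed sample contents (not the real skimmer).
SAMPLES = {
    "logo.png": b"\x89PNG\r\n\x1a\n" + b"\x00" * 16,
    "favicon_absolute_top.jpg": b"<?php /* constructed placeholder body */ echo 'x'; ?>",
    "banner.jpg": b"\xff\xd8\xff\xe0" + b"\x00" * 16 + b"<?php echo 1; ?>",  # polyglot
}
SAMPLE_PHP = b"<?php\n$cfg = 1;\ninclude('/var/www/html/favicon_absolute_top.jpg');\n"

if __name__ == "__main__":
    for name, data in SAMPLES.items():
        print(name, inspect_file(name, data) or "ok")
    print(find_image_includes(SAMPLE_PHP))
```

The polyglot case is why the PHP-tag check runs regardless of the magic bytes: a file can be a perfectly decodable JPEG and still be executed when a modified platform file includes it, which is the second thing this scanner looks for. Point scan_tree at the document root (and at any upload directories) and review every hit by hand; legitimate image data occasionally contains the byte sequence “<?” by chance, so treat the tag check as a lead rather than a verdict.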