Hundreds of electronic commerce sites infected in supply chain attack

Hundreds of electronic commerce sites, at least one owned by a large multinational company, were backdoored with malware that executes malicious code within visitors’ browsers, where it can steal payment card information and other confidential data, security researchers said on Monday.

The infections are the result of a supply chain attack that compromised at least three software suppliers with malware that remained inactive for six years and became active only in recent weeks. At least 500 electronic commerce sites relying on the backdoored software were infected, and the real number may be twice that, researchers at security firm Sansec said.

Among the compromised customers was a $40 billion multinational company, which Sansec did not name. In an email on Monday, a Sansec representative said that “global remediation [on the infected customers] remains limited.”

Code execution on visitors’ machines

The supply chain attack poses a significant risk for the thousands or millions of people visiting infected sites, because it allows attackers to execute code of their choice on the electronic commerce site’s servers. From there, the servers execute the information theft code on visitors’ machines.

“Since the backdoor allows loading and executing arbitrary PHP code, the attackers have complete remote code execution (RCE) and can essentially do what they want,” the representative wrote. “In almost all the Adobe Commerce/Magento breaches that we observe, the backdoor is used to inject skimming software that is executed in the user’s browser and steals payment information (Magecart).”

The three software suppliers identified by Sansec were Tigren, Magesolution (MGS) and Meetanshi. All three supply software that is based on Magento, an open source electronic commerce platform used by thousands of online stores. A version of software sold by a fourth supplier called Weltpixel has been infected with similar code in some of its customers’ stores, but Sansec has not been able to confirm whether it was the stores or Weltpixel that were hacked. Adobe has owned Magento since 2018.
