Sansec, a cybersecurity firm, has reported that threat actors are exploiting a critical vulnerability, CVE-2024-20720, in Magento, allowing them to inject a persistent backdoor into ecommerce websites. Despite Adobe’s resolution of the flaw in February 2024, some websites remain vulnerable, with threat actors leveraging a crafted layout template in the database to inject XML code, enabling arbitrary code execution. Exploiting Magento’s layout parser and default package, attackers execute system commands tied to the checkout cart, ensuring periodic reinjection of the backdoor for persistent remote code execution. The injected backdoor facilitates the theft of payment data through a fake Stripe payment skimmer. Users are urged to update to patched Magento versions and scan their websites for malware signs immediately.
Read more: https://www.securityweek.com/magento-vulnerability-exploited-to-deploy-persistent-backdoor/