Attacks leveraging an already fixed critical Magento vulnerability, tracked as CVE-2024-20720, have been launched against e-commerce websites to facilitate the distribution of a Stripe payment skimmer for financial data exfiltration, according to The Hacker News.
Both the Magento layout parser and the default "beberlei/assert" package have been leveraged by threat actors to enable the execution of the "sed" command in the event of a "/checkout/cart" request, with the command facilitating the injection of a code execution backdoor that fetches the skimmer, a report from Sansec showed. Such findings come after Russian nationals alleged to be part of a hacking group have been indicted by the Russian Prosecutor General's Office for their role in a card skimming attack.
"As a result, members of the hacker group illegally took possession of information about almost 160 thousand payment cards of foreign citizens, after which they sold them through shadow internet sites," said the Russian government.
