Nearly 40% of Magento 2 websites are being targeted by a deluge of TrojanOrders attacks conducted by at least seven hacking groups, BleepingComputer reports.
TrojanOrders attacks involve exploitation of the critical Magento flaw, tracked as CVE-2022-24086, to facilitate code execution and remote access trojan injections, according to a report from Sansec.
Even though fixes for the flaw have been issued by Adobe in February, at least a third of Adobe Commerce and Magento stores continue to be vulnerable to the flaw, the report showed. Mounting TrojanOrders attacks have been attributed by Sansec researchers to the prevalence of vulnerable Magento 2 sites, as well as the prolonged and widespread availability of proof-of-concept exploits, which now cost as low as $2,500, compared with $20,000 to $30,000 early this year. Increased web traffic brought by the holiday season has also contributed to the onslaught of attacks, researchers added.
Immediate patching of the flaw and the use of a backend malware scanner have been urged to avert TrojanOrders attacks.
Related Events
Get daily email updates
SC Media's daily must-read of the most current and pressing daily news