Lots of of e-commerce websites, at the least one owned by a big multinational firm, had been backdoored by malware that executes malicious code contained in the browsers of tourists, the place it will probably steal cost card info and different delicate knowledge, safety researchers mentioned Monday.
The infections are the results of a supply-chain assault that compromised at the least three software program suppliers with malware that remained dormant for six years and have become energetic solely in the previous couple of weeks. A minimum of 500 e-commerce websites that depend on the backdoored software program had been contaminated, and it’s attainable that the true quantity is double that, researchers from safety agency Sansec said.
Among the many compromised clients was a $40 billion multinational firm, which Sansec didn’t identify. In an electronic mail Monday, a Sansec consultant mentioned that “world remediation [on the infected customers] stays restricted.”
Code execution on guests’ machines
The provision chain assault poses a major danger to the hundreds or thousands and thousands of individuals visiting the contaminated websites, as a result of it permits attackers to execute code of their selection on ecommerce web site servers. From there, the servers run info-stealing code on customer machines.
“Because the backdoor permits importing and executing arbitrary PHP code, the attackers have full distant code execution (RCE) and might do basically something they need,” the consultant wrote. “In almost all Adobe Commerce/Magento breaches we observe, the backdoor is then used to inject skimming software program that runs within the consumer’s browser and steals cost info (Magecart).”
The three software program suppliers recognized by Sansec had been Tigren, Magesolution (MGS), and Meetanshi. All three provide software program that’s primarily based on Magento, an open supply e-commerce platform utilized by hundreds of on-line shops. A software program model offered by a fourth supplier named Weltpixel has been contaminated with related code on a few of its clients’ shops, however Sansec to date has been unable to substantiate whether or not it was the shops or Weltpixel that had been hacked. Adobe has owned Megento since 2018.
