2022-02-15

Attacking Magento 1 eCommerce platform

Level: 
Strategic
  |  Source: 
Sansec
Ecommerce
Cybersecurity
Information & Technology
Share:

Attacking Magento 1 ecommerce platform

An excess of 500 eCommerce platforms has suffered a data breach as attackers take advantage of an end-of-life eCommerce platform, Magento 1. The compromise to these eCommerce platforms was identified by Sansec and their investigation found, "attackers used a clever combination of an SQL injection (SQLi) and PHP Object Injection (POI) attack to gain control of the Magento store." The domain naturalfreshmall[.]com was identified in all attacks, to load the malicious payment skimmers. The attackers also took advantage of a known leak in the Quickview plugin to add a validation rule to the "customer_eav_attribute' table, resulting in the creation of a malicious PHP backdoor. The final step in the process involved having to register as a new customer, "Magento actually needs to unserialize the data. And there is the cleverness of this attack: by using the validation rules for new customers, the attacker can trigger an unserializer by simply browsing the Magento sign up page."

Get trending threats published weekly by the Anvilogic team.

Sign Up Now