New Golang-based Linux Malware Targeting eCommerce Websites

News

Weaknesses in e-commerce portals are being exploited to deploy a Linux backdoor as well as a credit card skimmer that’s capable of stealing payment information from compromised websites.

“The attacker started with automated e-commerce attack probes, testing for dozens of weaknesses in common online store platforms,” researchers from Sansec Threat Research said in an analysis. “After a day and a half, the attacker found a file upload vulnerability in one of the store’s plugins.” The name of the affected vendor was not revealed.

Automatic GitHub Backups

The initial foothold was then leveraged to upload a malicious web shell and alter the server code to siphon customer data. Additionally, the attacker delivered a Golang-based malware called “linux_avp” that serves as a backdoor to execute commands remotely sent from a command-and-control server hosted in Beijing.

Golang-based Linux Malware

Upon execution, the program is designed to remove itself from the disk and camouflage as a “ps -ef” process, which is a utility for displaying currently-running processes in Unix and Unix-like operating systems.

Prevent Data Breaches

The Dutch cybersecurity firm said it also discovered a PHP-coded web skimmer that’s disguised as a favicon image (“favicon_absolute_top.jpg”) and added to the e-commerce platform’s code with the goal of injecting fraudulent payment forms and stealing credit card information entered by customers in real-time, before transmitting them to a remote server.

Furthermore, Sansec researchers said the PHP code was hosted on a server located in Hong Kong and that it was previously used as a “skimming exfiltration endpoint in July and August of this year.”

Articles You May Like

4 Android Banking Trojan Campaigns Targeted Over 300,000 Devices in 2021
Hundreds of new vulnerabilities found in SOHO routers
Fighting Supply Chain Threats Is Complicated
Business School Dean Guilty of Data Conspiracy
More than 1,000 arrested in global crackdown on online fraud

Leave a Reply

Your email address will not be published. Required fields are marked *