New Golang-based Linux Malware Targeting eCommerce Websites

News

Weaknesses in e-commerce portals are being exploited to deploy a Linux backdoor as well as a credit card skimmer that’s capable of stealing payment information from compromised websites.

“The attacker started with automated e-commerce attack probes, testing for dozens of weaknesses in common online store platforms,” researchers from Sansec Threat Research said in an analysis. “After a day and a half, the attacker found a file upload vulnerability in one of the store’s plugins.” The name of the affected vendor was not revealed.

Automatic GitHub Backups

The initial foothold was then leveraged to upload a malicious web shell and alter the server code to siphon customer data. Additionally, the attacker delivered a Golang-based malware called “linux_avp” that serves as a backdoor to execute commands remotely sent from a command-and-control server hosted in Beijing.

Golang-based Linux Malware

Upon execution, the program is designed to remove itself from the disk and camouflage as a “ps -ef” process, which is a utility for displaying currently-running processes in Unix and Unix-like operating systems.

Prevent Data Breaches

The Dutch cybersecurity firm said it also discovered a PHP-coded web skimmer that’s disguised as a favicon image (“favicon_absolute_top.jpg”) and added to the e-commerce platform’s code with the goal of injecting fraudulent payment forms and stealing credit card information entered by customers in real-time, before transmitting them to a remote server.

Furthermore, Sansec researchers said the PHP code was hosted on a server located in Hong Kong and that it was previously used as a “skimming exfiltration endpoint in July and August of this year.”

Products You May Like

Articles You May Like

Brazilian Prilex Hackers Resurfaced With Sophisticated Point-of-Sale Malware
McAfee Secure VPN: Now with WireGuard for Faster Speeds and Enhanced Stability
Romance scammer and BEC fraudster sent to prison for 25 years
CISA Warns of Hackers Exploiting Critical Atlassian Bitbucket Server Vulnerability
The Optus Data Breach – Steps You Can Take to Protect Yourself

Leave a Reply

Your email address will not be published.