fbpx

New Golang-based Linux Malware Targeting eCommerce Websites

Weaknesses in e-commerce portals are being exploited to deploy a Linux backdoor as well as a credit card skimmer that’s capable of stealing payment information from compromised websites.

“The attacker started with automated e-commerce attack probes, testing for dozens of weaknesses in common online store platforms,” researchers from Sansec Threat Research said in an analysis. “After a day and a half, the attacker found a file upload vulnerability in one of the store’s plugins.” The name of the affected vendor was not revealed.

Automatic GitHub Backups

The initial foothold was then leveraged to upload a malicious web shell and alter the server code to siphon customer data. Additionally, the attacker delivered a Golang-based malware called “linux_avp” that serves as a backdoor to execute commands remotely sent from a command-and-control server hosted in Beijing.

Golang-based Linux Malware

Upon execution, the program is designed to remove itself from the disk and camouflage as a “ps -ef” process, which is a utility for displaying currently-running processes in Unix and Unix-like operating systems.

Prevent Data Breaches

The Dutch cybersecurity firm said it also discovered a PHP-coded web skimmer that’s disguised as a favicon image (“favicon_absolute_top.jpg”) and added to the e-commerce platform’s code with the goal of injecting fraudulent payment forms and stealing credit card information entered by customers in real-time, before transmitting them to a remote server.

Furthermore, Sansec researchers said the PHP code was hosted on a server located in Hong Kong and that it was previously used as a “skimming exfiltration endpoint in July and August of this year.”

Source link

[email protected] (Ravie Lakshmanan)

Get worry-free complete website cleanup and protection

Our software continuously scans for malware using our accurate anti-malware database; your site continues to run stable after cleanup. Malware removal takes a moment, not hours. Compatible with PHP-based websites and popular frameworks like WordPress, Drupal, Joomla, DLE, etc.

Our website antivirus does more than just find and remove infected files on your website or put them in quarantine, It removes malicious code (redirections, trojans, backdoors, shell scripts, and other malicious code) from files like PHP, JS, HTML, images, and system files in seconds with high accuracy.

Share your love