Home Cyber Attack New Golang-based Linux Malware Targets Ecommerce Platforms
Cyber AttackLatest Cyber Security News | Network Security HackingNews

New Golang-based Linux Malware Targets Ecommerce Platforms

by Abeerah Hashim
written by Abeerah Hashim
DangerousPassword attack group infects desktops with malware

Researchers discovered a new web skimmer in the wild found to be targeting online stores. The Linux malware is deployed on ecommerce servers to steal users’ payment information.

Linux Malware Targeting Ecommerce Platforms

The cybersecurity firm Sansec has recently shared insights about a new Linux malware targeting ecommerce services.

As elaborated in their post, the researchers found this malware while inspecting a site upon the merchant’s request to detect the sneaky malware. They eventually caught a Golang-based web skimmer running on the servers.

The threat actors behind this campaign precisely exploited a vulnerable plugin running on the online store’s site.

We found that the attacker started with automated eCommerce attack probes, testing for dozens of weaknesses in common online store platforms. After a day and a half, the attacker found a file upload vulnerability in one of the store’s plugins. S/he then uploaded a webshell and modified the server code to intercept customer data.

Consequently, the attackers also deployed a sneaky executable linux_avp that disguises as fake ps -ef process. This executable serves as a backdoor on the target servers to receive commands from the attackers. This backdoor also injects malicious crontab entry to achieve persistence to resist server reboots.

The malware uploads the file to add fake payment forms.

A file was added to the eCommerce platform code called app/design/frontend/favicon_absolute_top.jpg, which contains PHP code to retrieve a fake payment form and inject it in the store.

Analyzing the malware server and IP hints that the origin server is from China.

Malware Currently Evades Detection

The researchers found this web skimmer active recently. However, the malware has managed to stay under the radar. Hence, the majority of antimalware solutions presently do not detect this malware.

Online store merchants should remain careful about the security of their websites. Perhaps, thorough website audits and scans might help to detect such threats quickly.

Let us know your thoughts in the comments.

Abeerah has been a passionate blogger for several years with a particular interest towards science and technology. She is crazy to know everything about the latest tech developments. Knowing and writing about cybersecurity, hacking, and spying has always enchanted her. When she is not writing, what else can be a better pastime than web surfing and staying updated about the tech world! Reach out to me at: [email protected]

You may also like

Xiid SealedTunnel: Unfazed by Yet Another Critical Firewall...

Personal Data Exposed in Massive Global Hack: Understanding...

Guardz Welcomes SentinelOne as Strategic Partner and Investor...

Invision Community Vulnerabilities Risk E-Commerce Websites

Microsoft April Patch Tuesday Fixes Dozens of RCE...

Match Systems publishes report on the consequences of...

Cypago Announces New Automation Support for AI Security...

LayerSlider WordPress Plugin Vulnerability Affected Thousands Of Websites

OWASP Disclosed Data Breach Affecting Old Members

Center Identity Launches Patented Passwordless Authentication for Businesses