Warnung: Adobe Commerce- und Magento-Shops werden von CosmicSting-Exploit angegriffen

Teilen:

Cybersecurity researchers have disclosed that 5% of all Adobe Commerce and Magento stores have been hacked by malicious actors by exploiting a security vulnerability dubbed CosmicSting.

Tracked as CVE-2024-34102 (CVSS score: 9.8), the critical flaw relates to an improper restriction of XML external entity reference (XXE) vulnerability that could result in remote code execution. The shortcoming, credited to a researcher named “spacewasp,” was patched by Adobe in June 2024.

Dutch security firm Sansec, which has described CosmicSting as the “worst bug to hit Magento and Adobe Commerce stores in two years,” said the e-commerce sites are being compromised at the rate of three to five per hour.

The flaw has since come under widespread exploitation, prompting the U.S. Cybersecurity and Infrastructure Security Agency (CISA) to add it to the Known Exploited Vulnerabilities (KEV) catalog in mid-July 2024.

Some of these attacks involve weaponizing the flaw to steal Magento’s secret encryption key, which is then used to generate JSON Web Tokens (JWTs) with full administrative API access. The threat actors have then been observed taking advantage of the Magento REST API to inject malicious scripts.

This also means that applying the latest fix alone is insufficient to secure against the attack, necessitating that site owners take steps to rotate the encryption keys.

Subsequent attacks observed in August 2024 have chained CosmicSting with CNEXT (CVE-2024-2961), a vulnerability in the iconv library within the GNU C library (aka glibc), to achieve remote code execution.

“CosmicSting (CVE-2024-34102) allows arbitrary file reading on unpatched systems. When combined with CNEXT (CVE-2024-2961), threat actors can escalate to remote code execution, taking over the entire system,” Sansec noted.

The end goal of the compromises is to establish persistent, covert access on the host via GSocket and insert rogue scripts that allow for the execution of arbitrary JavaScript received from the attacker in order to steal payment data entered by users on the sites.

The latest findings show that several companies, including Ray Ban, National Geographic, Cisco, Whirlpool, and Segway, have fallen victim to CosmicSting attacks, with at least seven distinct groups partaking in the exploitation efforts –

  • Group Bobry, which uses whitespace encoding to hide code that executes a payment skimmer hosted on a remote server
  • Group Polyovki, which uses an injection from cdnstatics.net/lib.js
  • Group Surki, which uses XOR encoding to conceal JavaScript code
  • Group Burunduki, which accesses a dynamic skimmer code from a WebSocket at wss://jgueurystatic[.]xyz:8101
  • Group Ondatry, which uses custom JavaScript loader malware to inject bogus payment forms that mimic the legitimate ones used by the merchant sites
  • Group Khomyaki, which exfiltrates payment information to domains that include a 2-character URI (“rextension[.]net/za/”)
  • Group Belki, which uses CosmicSting with CNEXT to plant backdoors and skimmer malware

“Merchants are strongly advised to upgrade to the latest version of Magento or Adobe Commerce,” Sansec said. “They should also rotate secret encryption keys, and ensure that old keys are invalidated.”

Quelle

Kommentar verfassen

Deine E-Mail-Adresse wird nicht veröffentlicht. Erforderliche Felder sind mit * markiert

lade-bild
London, GB
11:18 am, Juli 11, 2025
Wetter-Symbol 28°C
L: 26° | H: 30°
wenige Wolken
Luftfeuchtigkeit: 45 %
Druck: 1021 mb
Wind: 4 mph ENE
Windböe: 6 mph
UV-Index: 0
Niederschlag: 0 mm
Wolken: 13%
Regen Chance: 0%
Sichtbarkeit: 10 km
Sonnenaufgang: 4:56 am
Sonnenuntergang: 9:15 pm
TäglichStündlich
Tägliche VorhersageStündliche Vorhersage
Today 10:00 pm
Wetter-Symbol
26° | 30°°C 0 mm 0% 8 mph 47 % 1021 mb 0 mm/h
Tomorrow 10:00 pm
Wetter-Symbol
18° | 30°°C 0 mm 0% 9 mph 65 % 1018 mb 0 mm/h
So. Juli 13 10:00 pm
Wetter-Symbol
17° | 27°°C 0 mm 0% 7 mph 73 % 1014 mb 0 mm/h
Mo. Juli 14 10:00 pm
Wetter-Symbol
20° | 29°°C 0 mm 0% 14 mph 71 % 1017 mb 0 mm/h
Di. Juli 15 10:00 pm
Wetter-Symbol
15° | 27°°C 0 mm 0% 13 mph 71 % 1021 mb 0 mm/h
Today 1:00 pm
Wetter-Symbol
29° | 29°°C 0 mm 0% 3 mph 42 % 1021 mb 0 mm/h
Today 4:00 pm
Wetter-Symbol
30° | 31°°C 0 mm 0% 5 mph 34 % 1019 mb 0 mm/h
Today 7:00 pm
Wetter-Symbol
28° | 28°°C 0 mm 0% 5 mph 28 % 1017 mb 0 mm/h
Today 10:00 pm
Wetter-Symbol
22° | 22°°C 0 mm 0% 8 mph 47 % 1019 mb 0 mm/h
Tomorrow 1:00 am
Wetter-Symbol
18° | 18°°C 0 mm 0% 4 mph 55 % 1018 mb 0 mm/h
Tomorrow 4:00 am
Wetter-Symbol
19° | 19°°C 0 mm 0% 4 mph 65 % 1018 mb 0 mm/h
Tomorrow 7:00 am
Wetter-Symbol
19° | 19°°C 0 mm 0% 6 mph 64 % 1018 mb 0 mm/h
Tomorrow 10:00 am
Wetter-Symbol
24° | 24°°C 0 mm 0% 6 mph 45 % 1017 mb 0 mm/h
Name Preis24H (%)
Bitcoin(BTC)
€101,139.88
6.59%
Ethereum(ETH)
€2,571.95
8.45%
Fesseln(USDT)
€0.85
0.01%
XRP(XRP)
€2.24
7.60%
Solana(SOL)
€140.51
4.38%
USDC(USDC)
€0.85
0.01%
Dogecoin(DOGE)
€0.170312
10.25%
Shiba Inu(SHIB)
€0.000011
7.93%
Pepe(PEPE)
€0.000011
15.70%
Peanut das Eichhörnchen(PNUT)
€0.246894
20.17%
Nach oben scrollen