Attacks on E-commerce Sites Exploiting Critical Magento 2 Vulnerability

vtqhtr413

E-commerce sites using Adobe's Magento 2 software are the target of an ongoing campaign that has been active since at least January 2023. The attacks, dubbed Xurum by Akamai, leverage a now-patched critical security flaw (CVE-2022-24086, CVSS score: 9.8) in Adobe Commerce and Magento Open Source that, if successfully exploited, could lead to arbitrary code execution. "The attacker seems to be interested in payment stats from the orders in the victim's Magento store placed in the past 10 days," Akamai researchers said in an analysis published last week, attributing the campaign to actors of Russian origin.

Some of the websites have also been observed to be infected with simple JavaScript-based skimmers that are designed to collect credit card information and transmit it to a remote server. The exact scale of the campaign remains unclear. In the attack chains observed by the company, CVE-2022-24086 is weaponized for initial access, subsequently exploiting the foothold to execute malicious PHP code that gathers information about the host and drops a web shell named wso-ng that masquerades as a Google Shopping Ads component.
 
